Abstract



The way activity in a system proceeds is that events occur 
as a result of some conditions and lead to some new conditions 
which make other events possible. Often it is necessary to 
coordinate such events to ensure proper behavior. Coordination 
nets for representing such coordinations and physically 
realizable structures for enforcing such coordinations are 
presented. These structures are modular and can be mechanically 
derived from the coordination nets. Coordinations involved in 
concurrent management of resources are also discussed. 

CHAPTER 1



INTRODUCTION 



1.1 Events and Conditions 

The way in which the activity in a computer system proceeds is 
that actions, called events, take place in response to conditions of
the system and lead to new conditions which in turn make other actions 
possible. For example the condition that a user is waiting for a 
processor together with the condition that a processor is free to be 
used may lead to granting of use of the processor to the user. The 
action of granting the processor to the user is said to be an 
occurrence of the event "the processor is granted to the user". As 
a consequence of this event the condition "the user is using the 
processor" comes into force. This condition continues to hold until 
the occurrence of an event corresponding to the release of the
processor by the user. An event, which depends on certain conditions,
is said to be an asynchronous event if the occurrence of the event 
is indefinitely delayed (in the temporal sense) until such conditions 
come into force, unlike a synchronous event which occurs at a definite 
time when the conditions are believed to hold regardless of whether the 
conditions actually hold or not. In the above example, the event "the 
processor is granted to the user" is indefinitely delayed until the 
processor requested by the user becomes free to be used. 

1.2 Coordination of Events

Some conditions in a computer may be in conflict, e.g. the
conditions that user 1 is using a processor and that user 2 is using a
processor are in conflict when there is only one processor and the
processor can correctly handle no more than one user at a time.
Conditions like these should be prevented from occurring together for the
proper operation of the computer. This requires that while one of the
above conditions holds, the event that brings the other condition into
force should be prevented from occurring. Thus there is need to
coordinate the occurrences of events.

There are many instances in a computer system requiring
coordination of events. For example in Multics [1], processors, memory
modules, input/output controllers and other devices are multiplexed.
For proper multiplexing, the actions of connecting the devices to
different users must be coordinated. Another instance requiring coordination
is a computer network where independently operating computer systems
communicate through a communication network.

Even though these problems take many forms and look different, 
they can be reduced to the problem of coordination of the occurrences 
of events. In order to deal with these problems satisfactorily, a 
suitable scheme for representing the coordination and suitable 
schemes for implementing such coordination are needed. 






1.3 Related Work

Most earlier work has been in connection with the representation
of computations, information systems and coordination of concurrent
processes. Dijkstra [2] uses 'semaphores' for coordinating
sequential processes; Dennis and Van Horn [3] use 'fork' and 'join'
as primitives for coordinating processes within a computation. In
terms of models for computations, Miller and Karp parallel program
schemata [4], Slutz flow graph schemata [5] and Luconi computation
schemata [6] represent a few that have been devised. These works
are directed towards representation of parallel computations and
investigating output functionality of such computations, rather than
studying representation of the coordination of events and finding a
systematic implementation for the coordination specified. In this
respect the work of Petri on representation of physical phenomena
[7] and the work of Holt on Occurrence Systems [8] are most significant
because of their usefulness in representing the coordination of
events. Significant as these works are, they fall short in two important
respects: i) the complexity of representation of coordination
in their models increases at an undesirable rate with the size of the
problem and ii) no way for implementing the coordination is given.
This thesis presents a representation scheme in which it is easier
to formalize coordination, in which the complexity of representation
does not increase as rapidly, and gives a method for systematically
deriving asynchronous modular structures for enforcing the coordination.
Some earlier work on asynchronous modular structures was done by Muller
and Bartky [9,10]. Clark and his associates are also actively working in
this area [11]. The approach to asynchronous structures presented in
this thesis was inspired by the work of Muller.

1.4 Plan of the Thesis 

In Chapter 2 of the thesis, alternative representation schemes
for representing coordination are studied with regard to their
limitations and the causes of the limitations, and a representation
scheme called coordination nets is presented. The choice of this
scheme for representation of coordination is motivated by the precision
and convenience it offers in formalizing coordination. For the purpose
of implementing coordination, certain coordination nets called
homogeneous coordination nets are of great importance. Fortunately
coordination nets which are not homogeneous can be transformed into
equivalent homogeneous coordination nets. In Chapter 3, homogeneous
coordination nets are defined and a systematic transformation of
coordination nets into homogeneous coordination nets is presented.

In Chapter 4, asynchronous modular structures, called coordination
structures, for implementing the coordination are presented.
These structures, built from a small number of types of modules
specified in the chapter, can be systematically derived from the
coordination nets. The chapter presents a systematic derivation of
the structures starting from the coordination nets.

Chapter 5 of the thesis is devoted to showing that the coordination
structures presented in Chapter 4 correctly implement the coordination
nets. The proofs in this chapter involve examination in detail
of the behaviour of the coordination structures, and may be skipped
without loss of continuity.

In Chapter 6, coordination required in concurrent management of
resources is studied and the structure of an arbiter for performing
such coordination is presented. In Chapter 7 conclusions and
suggestions for related research are presented.

2.2 Partial Orderings

In using partial orderings to represent coordinations, the events
which are to be coordinated are represented as nodes and the
coordination among them is represented by defining a partial ordering on
these nodes. The events corresponding to the nodes which are ordered
must occur in that order but the events corresponding to nodes which
are not ordered may occur concurrently. In the example shown in figure
2.1 events e" and e" are ordered and so must occur in that order,
i.e. the computation x ← u × b can be initiated only after the
termination of the computation u ← f(a). Furthermore events e'
and e' are not ordered, meaning that they can proceed concurrently.
Two events which are concurrent may occur in any order in time and
may even occur coincidentally (simultaneously).

2.3 Limitations of Partial Orderings 

In the example of figure 2.1, conditions c_2 and c_4 correspond
to the execution of computations x ← u × b and y ← v × b respectively.
If the system has two or more multipliers these two computations can
be in progress at the same time without creating any problems. For this
situation the partial ordering of figure 2.1 correctly represents the
coordination of the events, but if the system has only one multiplier
and it can handle correctly no more than one multiplication at a time
the partial ordering incorrectly represents the coordination required
because it permits simultaneous use of the multiplier by the two
computations. In the latter case, for correct operation the two
multiplications must not take place simultaneously; they may take place in any
order as long as they do not overlap (in time). This means that
conditions c_2 and c_4 must not hold simultaneously. In using a partial
ordering as a representation scheme, the only mechanism for preventing
two conditions from holding simultaneously is to sequence them by
ordering the event terminating one condition and the event initiating
the other condition. Such ordering, while preventing simultaneous
holding of the conditions, introduces some undesirable side effects of its
own because the ordering is fixed a priori. Consider for example the
case where the functions f and g are partial functions. There are
only two ways in which conditions c_2 and c_4 can be ordered: i) c_4
follows c_2 and ii) c_2 follows c_4. The partial ordering corresponding
to the first choice is shown in figure 2.2. A computation
coordinated by this partial ordering does not always lead to the
same result as the computation coordinated by the partial ordering
of figure 2.1, as for instance when g(a) terminates but f(a) does
not. This is the side effect mentioned above. The other choice,
being symmetric, has a similar problem. The above example points out
the inadequacy of partial orderings in representing conditions or
events which may only occur in any order but not simultaneously.

Another limitation of partial orderings is that a situation in 
which occurrence of an event prevents or precludes the occurrence of 
some other event cannot be represented. This is illustrated by the 
following problem relating to the coordination of two cars and a gate 
through which they must pass. 

The Problem of Two Cars and a Gate



Consider two cars and a gate through which they must pass. It 
is not known which car arrives at the gate first, and the gate is 
initially closed but can be operated by either car; when the gate is 
operated, it opens if it is closed and closes if it is open. 
Furthermore a car can operate the gate only once. The events are to be 
so coordinated that the gate is opened by the first car, but is
undisturbed by the second car so that both cars can pass through the gate as
they arrive. 

The partial ordering shown in figure 2.3 is an attempt to represent
coordination of the events for the desired operation of the gate. Since
either car may be the first one to arrive at the gate, both cars should
be able to open the gate by operating it. The car that follows the
first car should not operate the gate or it will shut the gate that is
already open. This implies that the events by means of which the two
cars flip the gate must be distinct and unordered. In addition to
opening the gate, the first car should do something to help the second
car refrain from operating the gate. This means that the occurrence of
event e' 1 should preclude the occurrence of event e, if it has not 

6 

occurred already, and similarly the occurrence of event e" should 
preclude the occurrence of event e if it has not occurred already. 
Since no events can be removed from the domain of a partial ordering 
without redefining it, the coordination of events required in the above 
problem cannot be represented through a partial ordering. 

Figure 2.3 The Problem of Two Cars and the Gate

2.4 Causes of the Limitations

At the root of the inadequacies of partial orderings in representing
the coordination of events is the fact that a partial ordering
is fixed. A partial ordering is adequate for representing the
temporal relationship between events which have occurred already; in 
such a partial ordering the occurrences which are ordered are said to 
have occurred in that order, while nothing is known about the temporal 
relationship among those occurrences which are unordered. If the 
partial ordering of the occurrences of events is considered a history 
of events, specification of the coordination of events through a partial 
ordering completely predetermines the history of the events. These 
limitations can be removed by using structures like Petri nets [7]. 

The Petri nets of interest here are the modified Petri nets 
used by Holt in the "Final Report of the Information System Theory 
Project" [8]. A brief introduction to Petri nets is given below. 

2.5 Petri Nets

Definition  A Petri net N is a directed graph defined as a
quadruplet <T,P,A,B>, where

    T  is a finite set of transitions   (T and P are the
    P  is a finite set of places         nodes of the graph)

    A  is a finite set of directed arcs of the form <x,y> which
       either connect a transition to a place or a place to a
       transition.

    B ⊆ P is the initial stone distribution, the set of places
       which have stones initially.

An arc <x,y> is said to be directed from x to y. The input
places of a transition are the places from which there are directed
arcs to the transition. In a similar way the output places of a
transition are defined to be the places which have incident arcs from
the transition. The sets of input and output places of a transition
t are denoted by I(t) and O(t) respectively.

A place is capable of having a stone. A place is said to be full
if it has a stone and empty if it does not.

Simulation

A transition is said to be enabled when (all) its input places are 
full. A transition can occur only when it is in enabled condition. When 
a transition occurs it removes a stone from each of its input places and 
puts a stone in each of its output places. Note that the number of stones 
in the net is not invariant with respect to the occurrence of a transition 
unless the transition has the same number of output places as input places. 
When two or more transitions share an input place, only one of the tran- 
sitions occurs even when more than one is enabled, for the occurrence of 
any one of them terminates the enabled condition of the others. (Two 
transitions are said to conflict if they share an input place and can 
be in enabled condition at the same time.) 

The simulation rule states that transitions occur on their own when- 
ever they are enabled, subject to the restriction mentioned above that a 
transition must pick a stone from each of its input places in order to 
occur. Implicit in the simulation rule is the fact that transitions 
which do not share input places proceed independently of one another 
while transitions that share input places interact with each other. 

In the Petri-net presented in figure 2.4, only transition t is 

in an enabled condition (i.e ready to occur) initially. The occurrence 
of this transition removes the stone from place p and places a stone 

in place p . in so doing transition t ? enables transition t_. 

When transition t. occurs, transitions t, and t,. are enabled. 

N = <T,P,A,B^0>
where
    T = {t_1, t_2, ..., t_9}
    P = {p_1, p_2, ..., p_11}
    A = {<p_5,t_1>, <p_6,t_1>, ..., <t_9,p_11>}
    B = (Px'Ps^

Figure 2.4 A Petri Net

Since these transitions do not have any input places in common, they

can proceed independently of each other. If transition t happens 

to occur before transition t^ places p 3> p 5 and P? get stones 

and transition t also gets enabled. Transitions t, and t are 
3 4 9 

in conflict as both need the stone in place p Therefore either 
transition t g or transition ' t^ occurs. If the former transition 
occurs, the net comes to a rest as no transition is in an enabled 
condition following this transition. On the other hand if transition 
t 4 occurs, transitions t ± and t g are enabled. These transitions 
are also in conflict, and therefore only one of them occurs. If tran- 
sition t x occurs, places p x and p 1Q get stones. At this point 
transition t g and t 2 are enabled. If t occurs, the net reaches 
the condition it started from and the action continues as before. 

It should be observed that in the above net no place can have more
than one stone in it at any time. A net with this property is called a
safe net.

Figure 2.5 shows a Petri-net representing the coordination involved
in the problem discussed earlier with figure 2.1 which could not be
represented as a partial ordering of events. The important thing to
note in figure 2.5 is that conditions c_2 and c_4 are concurrent but
do not hold at the same time, i.e. they are not coincident.

Figure 2.6 shows a Petri net representing the coordination of the
cars in the problem discussed earlier with figure 2.3.

condition   computation
c_1         u ← f(a)
c_2         x ← u × b
c_3         v ← g(a)
c_4         y ← v × b

Figure 2.5 A Petri Net Representing the Coordination
for the case of one Multiplier

The gate is closed initially

c_1: car A comes to the gate
c_2: car A passes through the gate
c_3: car B comes to the gate
c_4: car B passes through the gate
c_5: car A may proceed as it has flipped the gate
     car B may proceed as it has flipped the gate
     car B may proceed as car A has flipped the gate
     car A may proceed as car B has flipped the gate

Figure 2.6 A Petri net for the Coordination of the
two Cars Passing through the Gate

The author has found Petri-nets to be adequate in representing
coordinations of events, but it appears that a claim that Petri-nets
provide a satisfactory formal counterpart to vague notions about
coordination of asynchronous events cannot be proved, just as the claim that
Turing Machines provide a satisfactory formal counterpart to the vague
concept of algorithm cannot be proved. The claim must be accepted or
rejected on the basis of experience, and the experience of the author
and that of others [12] indicates that Petri-nets provide a satisfactory
formalism for the study of coordination of asynchronous events.

Even though Petri nets are satisfactory as regards the varieties of
coordination they can represent, they tend to be too detailed, and
complexity of representation of problems increases with the size of
the problems at an undesirable rate. Any improvement that leads to a
reduction in details and simplification of representation is valuable,
especially because the representation scheme is being developed for
specifying and formalizing coordination relating to practical problems.
The representation scheme called a coordination net, which is described
next, incorporates the considerations mentioned above. Coordination
nets do not add more variety to the class of coordinations represented
by Petri nets, but they make representation simple and manageable.
Moreover, the simplicity of representation is carried over to the
implementation of the coordination.

2.6 Coordination Nets

Coordination nets are a generalization of Petri-nets. The transitions
in coordination nets are classified into three classes, viz. input
transitions, output transitions and internal transitions, depending on the role
they play in the interaction by means of which the net coordinates the
events in the external world, i.e. the world external to the net. For
correct representation of such interaction, the process of the occurrence
of a transition in a coordination net has been split into two steps:
in the first step the transition initiates by claiming a stone from each
of its input places, and in the second step the transition terminates by
removing those stones from the input places and putting stones in the
output places. The interaction between the net and the external world takes
place as described in the next paragraph.

An input transition does not initiate until the external world
reaches a certain condition, called an input-condition, which is
associated with the input transition. On the other hand the initiation of an
output transition indicates to the external world that it should proceed
with a certain event associated with that transition. An output
transition terminates only after the associated event has occurred. The
internal transitions do not take part in such interaction; they can be
thought of as performing some internal computation.

The presence of a stone at a place corresponds to the holding of a
condition. In a similar way, the presence of stones at a number of
places also constitutes effectuation of a condition. The power set of
P, the set of places in the net, represents the set of all possible
conditions. Petri nets as well as coordination nets specify
coordination by specifying certain restrictions on the holding of conditions.
In particular they rule out certain conditions. In case of a Petri net
the constraints are specified by means of the structure of the net alone,
but in case of a coordination net some constraints are specified by means
of the structure and some by means of a constraint set which lists the
conditions which are to be ruled out. A constraint set is a subset of
the power set of P, and its members are called constraints.

For example in the problem of the cars and the gate (figure 2.6)
the additional constraints that only one car should arrive at the gate
at a time and that only one car should go through the gate at a time
can be incorporated by specifying the constraint set {{c_1, c_3},
{c_2, c_4}}, which means that conditions c_1 and c_3 should not hold
at the same time and that conditions c_2 and c_4 should not hold at
the same time.

The conditions which are listed in the constraint set are ruled out
directly, and in addition those conditions which include these conditions
are also ruled out (recall that a condition is a subset of P). For
example when P = {a,b,c,d}, ruling out condition {a,d} rules out
conditions {a,b,d}, {a,c,d} and {a,b,c,d} as well, for when any of
these conditions hold, the condition {a,d} also holds.

A coordination net C is a tuple <N,Ct>, where

N = <T,P,A,B> is a Petri-net, where

    T is a finite set of transitions, the union of three sets:
        a set of transitions designated as input transitions;
        a set of transitions designated as output transitions
        (the sets of input transitions and output transitions
        are not necessarily disjoint);
        a set of transitions which are neither input transitions
        nor output transitions, i.e. they are internal transitions.

    P = {p_1, ..., p_n} is a finite set of places.

    A is a finite set of directed arcs of the form <x,y> which
      connect places to transitions and transitions to places.

    B ⊆ P is the set of places which have stones initially (this
      is referred to as the initial stone distribution).

Ct ⊆ ℘(P) is a constraint set which contains the constraints, i.e. the
    sets of places which should not have stones at the same time.
    For example the constraint set {{p_1,p_4}, {p_1,p_2,p_3}} specifies
    that places p_1 and p_4 should not have stones at the
    same time and places p_1, p_2 and p_3 should not have stones
    at the same time. Input and output places of a transition are
    not permitted to be part of the same constraint.

A transition is said to be enabled if its input places have unclaimed
stones. An enabled input transition is said to be ready to initiate if
the external world has reached the input-condition associated with the
transition. The other types of transitions, namely internal transitions
and output transitions, are ready to initiate when they are enabled. In
order to initiate, a transition must be ready and must claim a stone at
each of its input places. Thus when two or more transitions have a common
input place, only one of them initiates even if all are ready, as initiation
of any one of them terminates the ready condition of the others. Internal
transitions and the input transitions terminate immediately following their
initiation, but an output transition terminates only when the event
associated with that transition has occurred. A transition is said to be active
if it has initiated but not terminated. In the process of initiation, a
transition merely claims the stones in input places; at termination the
transition removes a stone from each of the input places and puts a stone
in each of the output places.

In addition to satisfying the requirement for initiation of a tran- 
sition, viz that the transition be ready and that it claim a stone at 
each input place, the initiation of the transition must not violate the 
constraints specified by the constraint set. 

Places which have stones and places which are output places of
active transitions are said to be active places. A set of active places
is said to be admissible if the set does not contain any collection of 
places which is a member of a constraint set, e.g. if {Ip-^P^}, {p 1 ^P 2 ,P 3^ 

is the constraint set then the set of active places {p 2 'P3'P43 is ad ~ 

missible but {p^p^p^ is not. 

The simulation of a coordination net proceeds through initiation 
and termination of transitions in such a manner that at all times the 
set of active places in the net is admissible. Thus a ready transition 
can be initiated only if the set of active places it leads to is ad- 
missible, i.e. the output places of the transition can be added to the 
set of active places without making the set of active places inadmis- 
sible. A transition can terminate without regard to the constraints 
because it only reduces the number of active places. 

The simulation rule given in the paragraph above implies that tran- 
sitions which neither have input places in common nor have output places 
that belong to a common constraint proceed independently. Transitions for 
which this does not hold interact with each other i.e. they are not inde- 
pendent of each other. 
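
The simulation rule above, written out as an added example (not code from the thesis): a small Python simulator for safe coordination nets that enumerates every reachable state. The net for the one-multiplier problem of section 2.3, its place and transition names, and the choice of e1 and e2 as output transitions are constructed for illustration; input transitions are treated as ready whenever they are enabled.

```python
from itertools import chain


class CoordinationNet:
    """Safe coordination net <N, Ct> with two-step (initiate/terminate) firing."""

    def __init__(self, transitions, initial, constraints=(), output_transitions=()):
        # transitions: name -> (input places, output places)
        self.transitions = {name: (frozenset(i), frozenset(o))
                            for name, (i, o) in transitions.items()}
        self.initial = frozenset(initial)
        self.constraints = [frozenset(c) for c in constraints]
        self.output_transitions = frozenset(output_transitions)

    def admissible(self, places):
        # Ruling out a condition also rules out every condition that includes it.
        return not any(c <= frozenset(places) for c in self.constraints)

    def active_places(self, state):
        # Places holding stones plus output places of active transitions.
        stones, active = state
        pending = chain.from_iterable(self.transitions[t][1] for t in active)
        return stones | frozenset(pending)

    def can_initiate(self, state, name):
        stones, active = state
        if name in active:
            return False
        ins, outs = self.transitions[name]
        claimed = frozenset(chain.from_iterable(
            self.transitions[t][0] for t in active))
        # Every input place needs an unclaimed stone, and the resulting
        # set of active places must stay admissible.
        return (ins <= stones - claimed
                and self.admissible(self.active_places(state) | outs))

    def successors(self, state):
        stones, active = state
        for name, (ins, outs) in self.transitions.items():
            if name in active:
                # The external event has occurred: the transition terminates.
                yield "end " + name, ((stones - ins) | outs, active - {name})
            elif self.can_initiate(state, name):
                if name in self.output_transitions:
                    # Initiation only claims the input stones.
                    yield "begin " + name, (stones, active | {name})
                else:
                    # Input and internal transitions terminate at once.
                    yield name, ((stones - ins) | outs, active)

    def reachable(self):
        start = (self.initial, frozenset())
        seen, todo = {start}, [start]
        while todo:
            for _, nxt in self.successors(todo.pop()):
                if nxt not in seen:
                    seen.add(nxt)
                    todo.append(nxt)
        return seen


# Constructed net (an assumption of this example, not a figure of the thesis).
MULTIPLIER_NET = {
    "fork": ({"start"}, {"c1", "c3"}),  # begin u <- f(a) and v <- g(a)
    "e1": ({"c1"}, {"c2"}),             # f(a) done, begin x <- u * b
    "e2": ({"c3"}, {"c4"}),             # g(a) done, begin y <- v * b
    "f1": ({"c2"}, {"x_done"}),         # x <- u * b finished
    "f2": ({"c4"}, {"y_done"}),         # y <- v * b finished
}


def build(constraints):
    return CoordinationNet(MULTIPLIER_NET, {"start"}, constraints,
                           output_transitions={"e1", "e2"})


def conflict_states(net):
    """Reachable states in which both multiplications are active."""
    return [s for s in net.reachable() if {"c2", "c4"} <= net.active_places(s)]


if __name__ == "__main__":
    plain, coordinated = build([]), build([{"c2", "c4"}])
    print("no constraint set: ", len(conflict_states(plain)), "conflicting states")
    print("Ct = {{c2, c4}}:   ", len(conflict_states(coordinated)), "conflicting states")
    done = (frozenset({"x_done", "y_done"}), frozenset())
    print("both results still reachable:", done in coordinated.reachable())
```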

An Example  Figure 2.7 shows a coordination net. The Petri-net part
of this coordination net was discussed earlier in the section on
Petri-nets. The constraint set of this net consists of only one constraint,
{p_3,p_5,p_7}, which specifies that these places should not be active at
the same time, and therefore they cannot have stones at the same time.

Only the input transition t 2 is enabled initially. Being an 
input transition, the transition becomes ready (to initiate) only when 
the associated input-condition is attained in the external world. When 
this happens, the transition initiates and then terminates by removing 
the stone at place P][ and putting a stone at place p . The occurrence 
of transition t^ is thus complete. Transition t is now ready. 
Since this transition is an internal transition, it occurs without regard 
to the condition of the external world. The occurrence of this transi- 
tion removes stones from places p 2 and p g and puts stones in place 
P 3 > P^ and p^. At this point transition t is ready to occur, but 
it cannot initiate as that would make places p , p and p active - 
a condition ruled out by the constraint {p 3 ,p 5 ,p 7 }. Thus the occurrence 
of transition t 5 is delayed until transition t, has occurred. When 
these transitions have occurred, places p p and p have stones. 
At this point if the external world has reached the input-condition 

associated with the input transition t c , transition t, and t r are 

j 16 

in conflict, and even though both of them are ready, only one of them 
occurs. In the following discussion only the case in which transition 
t l occurs is explained for the other case is not much different from 
this one. 

C = <N,Ct>
where
    N = <T,P,A,B^0>
    where
        T = {t_1, t_2, ..., t_9}
        P = {p_1, p_2, ..., p_11}
        A = {<p_5,t_1>, <p_6,t_1>, ..., <t_9,p_11>}
        B = (P^Pgl
    Ct = {{p_3,p_5,p_7}}

Figure 2.7 A Coordination Net

If transition t^ occurs, places p.. and p get stones and
the output transition t_ is initiated. The initiation of this transition
informs the external world that it should proceed with the event
associated with the transition. When this event has occurred, the
transition terminates and place p~ gets a stone, and the net reaches
the condition it started out with. The action thus continues.

It should be observed that transition t Q can never get a chance 

to occur because the constraint [p ,p ,p } rules out the possibility 

of P 3 > P 5 and p being full at the same time. 

An illustrative example showing ease of representation offered by
coordination nets over Petri nets is presented in figures 2.8 and 2.9,
both of which represent the same coordination.

Figure 2.8 A Coordination Net

[Figure 2.9: a Petri net representing the same coordination]

CHAPTER 3 



HOMOGENEOUS COORDINATION NETS 



3.1 Introduction 

The choice of a representation scheme on the basis of ease of 
representation of problems is justified when the representation of a 
problem in the chosen scheme can be transformed into a representation
which is easy to implement. For example, high level languages
are used in programming because a programmer can specify the algorithm 
in his mind more easily in a high level language than in a machine 
language; the algorithm specified in the high level language can be 
transformed into an equivalent algorithm in the machine language through 
the mechanical process of compilation. 

The choice of coordination nets as the representation scheme was 
influenced by these considerations. Coordination nets of a particular 
form called homogeneous coordination nets are particularly suited for 
implementation of coordinations. Coordination nets used in formalizing 
problems may or may not be homogeneous, but fortunately the non-homogeneous
coordination nets can be mechanically transformed into equivalent
homogeneous coordination nets.
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3.2 Homogeneous Coordination Nets 

Homogeneous coordination nets are coordination nets in which 
the output places of transitions have a certain equivalence with respect 
to the constraint set. 

It should be recalled that a constraint is a set of places, and
if x is a constraint and x ⊆ y ⊆ P then x implies constraint y.
This allows the reduced constraint set to be defined as the smallest
subset of the constraint set that implies the entire constraint set.
The reduced constraint set for a constraint set Ct is denoted by R(Ct).
The domain of a constraint set is said to be the set of places which
participate in the constraints.

The domain of influence of a place is the set that is obtained by
deleting the place from the set of constraints (in the reduced
constraint set) that involve that place. The domain of influence of a
place p_i is denoted by DI(p_i).

Thus when R(ct) = {{p^}, {p^}} then DI^) = {{p^, (p,,}}. 

and DI(p 4 ) = {{ Pl }} 

Two places are said to be constraint equivalent if they have the 
same domain of influence. This equivalence relation is denoted by CE. 
A transition is said to be a homogeneous transition if its output places 
are constraint equivalent, and a coordination net is said to be a 
homogeneous coordination net if its transitions are homogeneous. 

In a homogeneous coordination net, as the output places of transitions
are constraint equivalent, the constraints associated with the output
places can be associated with the transitions themselves. The way this
fact is used in the implementation of coordination nets presented in
the next chapter is that the constraints are brought into force at
initiation of the transition and are kept in force until all of the
stones put into the output places by the transition are used up by
some other transitions, that is, the constraints come into force the
moment the output places become active and remain in force until all
output stones put into the output places by the transition are removed
by other transitions.

The constraint equivalence relation partitions the set P of places
into equivalence classes P_1, ..., P . The constraint set that is
obtained by replacing the places in the reduced constraint set by
corresponding equivalence classes is called the reduced constraint set
with respect to equivalence classes of places and is denoted as RP(Ct).

Thus if P = {p_1, ..., p_8}
and

    Ct = {{p_1,p_4}, {p_1,p_2,p_3}, {p_5,p_4}, {p_5,p_2,p_3},
          {p_1,p_6,p_3}, {p_5,p_6,p_3}}

then

    P_0 = {p_7,p_8}, P_1 = {p_1,p_5}, P_2 = {p_2,p_6},
    P_3 = {p_3}, P_4 = {p_4}

and RP(Ct) = {{P_1,P_4}, {P_1,P_2,P_3}}.

The constraint set conditional to places p_1, ..., p_k refers to the
constraint set obtained by removing places p_1, ..., p_k from the
constraints. The conditional constraint set gives the constraints given
that certain places, in this case p_1, ..., p_k, have stones, and is
denoted by Ct/{p_1, ..., p_k}. Thus in the above example

    Ct/{p_1,p_3} = {{p_4}, {p_2}, {p_5,p_4}, {p_5,p_2}, {p_6}, {p_5,p_6}}

Similarly RP(Ct)/{P_1,P_3} = {{P_4}, {P_2}}.
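
The definitions of this section, run on the example above, as an added Python example that is not part of the original thesis. The function names are assumptions made here, and places are written as the strings "p1" to "p8".

```python
# Added example (not from the thesis): the constraint-set definitions of
# section 3.2 applied to the section's own example. Function names are
# illustrative assumptions; a constraint is a frozenset of place names.

def reduced(ct):
    """R(Ct): keep only constraints not implied by a smaller constraint."""
    ct = {frozenset(c) for c in ct}
    return {c for c in ct if not any(d < c for d in ct)}

def domain_of_influence(p, rct):
    """DI(p): the constraints of R(Ct) that involve p, with p deleted."""
    return frozenset(c - {p} for c in rct if p in c)

def equivalence_classes(places, rct):
    """Partition places by constraint equivalence (equal DI)."""
    by_di = {}
    for p in places:
        by_di.setdefault(domain_of_influence(p, rct), set()).add(p)
    return {frozenset(c) for c in by_di.values()}

def rp(places, ct):
    """RP(Ct): R(Ct) with every place replaced by its equivalence class."""
    rct = reduced(ct)
    cls_of = {p: c for c in equivalence_classes(places, rct) for p in c}
    return {frozenset(cls_of[p] for p in c) for c in rct}

def conditional(ct, given):
    """Ct/{...}: remove the given elements from every constraint."""
    given = frozenset(given)
    return {frozenset(c) - given for c in ct}

def is_homogeneous(output_places, rct):
    """A transition is homogeneous if its output places share one DI."""
    return len({domain_of_influence(p, rct) for p in output_places}) <= 1

# The example of section 3.2.
PLACES = [f"p{i}" for i in range(1, 9)]
CT = [{"p1", "p4"}, {"p1", "p2", "p3"}, {"p5", "p4"},
      {"p5", "p2", "p3"}, {"p1", "p6", "p3"}, {"p5", "p6", "p3"}]

if __name__ == "__main__":
    rct = reduced(CT)
    for cls in sorted(equivalence_classes(PLACES, rct), key=sorted):
        print("class", sorted(cls))
    for c in rp(PLACES, CT):
        print("RP constraint", sorted(sorted(k) for k in c))
    print("Ct/{p1,p3}", sorted(sorted(c) for c in conditional(CT, {"p1", "p3"})))
    # A transition with output places p1 and p2 is non-homogeneous.
    print(is_homogeneous({"p1", "p5"}, rct), is_homogeneous({"p1", "p2"}, rct))
```
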



3.3 Transformation into Homogeneous Nets 

A non-homogeneous coordination net can be transformed into a homo- 
geneous coordination net by applying a straightforward transformation 
to each non-homogeneous transition in the net. Basically the transfor- 
mation breaks up a non-homogeneous transition into a number of homo- 
geneous transitions (figure 3.1). 

What the transformation does is to introduce intermediate tran- 
sitions, one for each equivalence class of places in the set of output 
places, between the transition under consideration and its output 
places; the intermediate transitions now do the task of putting stones 
in the output places of the original transition. 






Figure 3.1 Transformation of a Non-homogeneous Transition 
into Homogeneous Transitions 

Consider a non-homogeneous transition t that is to be transformed
into a set of homogeneous transitions. As the transition is
non-homogeneous, the output places of the transition fall into some
constraint equivalence classes Q_1, ..., Q_k. The transformation
introduces a transition z_i and two places u_i and v_i for each
equivalence class Q_i (see figure 3.1). In the transformed net, the
places in Q_i, instead of directly being output places of transition t,
are output places of an intermediate transition z_i which is connected
to the transition t by intermediate places u_i and v_i: u_i is an
output place of t and an input place of z_i, v_i is an output place of
z_i and an input place of t, and places v_i's have initial stones. The
new constraint set is obtained by adding to the existing constraint
set the collection of constraints that is obtained by selecting the
constraints that involve the output places of the original transition
and substituting in them u_i for those places. In other words the new
constraint set is such that the conditional constraint set with respect
to u_i is the same as the conditional constraint set with respect to
the set of output places of the original transition.

The collection of transitions that results from the transformation
behaves as the original transition because on termination of the
given transition, the intermediate transitions can occur unobstructed
as the constraints associated with u_i's cover the constraints
associated with the output places of the original transition.

3.4 Conflicts and Conflict Clusters

Two transitions in a coordination net are said to conflict if in
some simulation of the net they may be enabled together but the
occurrence of either one of them terminates the enabled condition of
the other (because they have a common input place). Alternatively two
transitions t_i and t_j conflict if I(t_i) ∩ I(t_j) ≠ ∅ and there is
some simulation for which they are in enabled condition at the same
time. This relation between transitions is denoted by C_f(t_i,t_j).
The relation C_f is symmetric but not necessarily transitive.

A conflict should not be regarded as an error or as an unwanted
situation, for conflicts provide a means for introducing a controlled
amount of uncertainty into coordination nets. In the problem of cars
and gate discussed in the preceding chapter, conflicts play an
important role in coordinating the cars.

Conflicting transitions cannot proceed independently; their
activities must be coordinated as occurrence of either one must prevent
occurrence of the other. The conflict relation C_f for a net can
be obtained by systematically simulating the net. Such a simulation,
even though finite, may be long. It is not essential that the relation
C_f be known completely for implementing a coordination net, for a
relation called pseudo conflict relation, which can be easily obtained
from the net, can be used in coordinating the transitions in place of
the conflict relation.

Pseudo Conflicts 

Two transitions are said to be in pseudo conflict if they have an
input place in common. Pseudo conflict is represented by a binary
relation S where S(t_i,t_j) = (I(t_i) ∩ I(t_j) ≠ ∅).

For two transitions to be in conflict, they must have at least
one input place in common, C_f(t_i,t_j) ⇒ S(t_i,t_j). Moreover, if a
binary relation P(t_i,t_j) is defined to hold if t_i and t_j can occur
coincidentally (simultaneously) in some simulation of the net, then
S(t_i,t_j) ⇒ ¬P(t_i,t_j). Therefore the following relation holds.

    ∀ t_i, t_j ∈ T: (C_f(t_i,t_j) ⇒ S(t_i,t_j)) ∧ (P(t_i,t_j) ⇒ ¬S(t_i,t_j))

This relation among C_f, S and P indicates that any relation C_n
which is in between C_f and S (including them) can be used to
coordinate the transitions, that is it will prevent conflicting
transitions from occurring coincidentally but will not disturb the
transitions which should be allowed to occur coincidentally.

Conflict Clusters

A conflict cluster is a maximal set of transitions such that the
transitions in the set are pairwise related by C_n, i.e., a transition
in the set conflicts with every other transition in the set. The set
of (all) conflict clusters of a coordination net is denoted by C_k.
Figure 3.2 presents the concept of conflict cluster graphically. In
this figure, an edge between two transitions indicates that they
conflict (according to the relation C_n). The conflict clusters are
indicated by drawing enclosures around the transitions in the clusters.
The domain of a set of conflict clusters is said to be the set of
transitions that participate in the conflict clusters, and is denoted
by D(C_k).
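
One way to obtain the pseudo conflict relation S and the conflict clusters it induces, as an added Python example that is not part of the original thesis; it takes S itself as the coordinating relation. The sample net, the function names and the choice to leave conflict-free transitions out of the clusters are assumptions made here.

```python
# Added example (not from the thesis): pseudo conflicts and conflict
# clusters computed from the input-place sets I(t) of a constructed net.

def pseudo_conflict(inputs):
    """S as an adjacency map: S(a, b) holds when I(a) and I(b) intersect."""
    adj = {t: set() for t in inputs}
    for a in inputs:
        for b in inputs:
            if a != b and inputs[a] & inputs[b]:
                adj[a].add(b)
    return adj

def conflict_clusters(adj):
    """Maximal sets of pairwise-related transitions (maximal cliques).

    Bron-Kerbosch with pivoting. A transition related to no other one
    is not reported as a cluster (assumption made for this example).
    """
    clusters = []

    def expand(r, p, x):
        if not p and not x:
            if len(r) > 1:
                clusters.append(frozenset(r))
            return
        pivot = max(p | x, key=lambda v: len(adj[v] & p))
        for v in list(p - adj[pivot]):
            expand(r | {v}, p & adj[v], x & adj[v])
            p = p - {v}
            x = x | {v}

    expand(set(), set(adj), set())
    return clusters

def domain(clusters):
    """D(.): the transitions that participate in some conflict cluster."""
    return set().union(*clusters) if clusters else set()

# Constructed net: input places of each transition.
INPUTS = {
    "t1": {"p1", "p2"}, "t2": {"p2", "p3"}, "t3": {"p1", "p3"},
    "t4": {"p4"}, "t5": {"p4", "p5"}, "t6": {"p5"},
    "t7": {"p6"},                      # shares no input place
}

if __name__ == "__main__":
    s = pseudo_conflict(INPUTS)
    # t4-t5 and t5-t6 are related but t4-t6 is not: S is not transitive,
    # so t5 belongs to two clusters.
    for cluster in conflict_clusters(s):
        print(sorted(cluster))
    print("domain:", sorted(domain(conflict_clusters(s))))
```
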



CHAPTER 4 
COORDINATION STRUCTURES 



4.1 Introduction 

This chapter presents asynchronous modular structures, called 
coordination structures , for implementing safe homogeneous coordination 
nets (for meaning of safe nets see page 25). Coordination structures 
can be derived systematically from the nets using the method presented 
in this chapter. It is assumed that the nets do not have any places 
which are both input and output places of the same transitions. This 
is not an undue restriction as nets can be made free of such places by 
introducing intermediate transitions (and places) between such places 
and the transitions; those places then become output places of the 
intermediate transitions instead of the original transitions. 

The modules used in the construction of coordination structures are 
specified in this chapter. The thesis, however, does not give hardware 
implementation of these modules, but the author believes that a neat
systematic implementation of these modules can be worked out. A brief 
discussion on hardware implementation of these modules is presented in 
the appendix. 

4.2 Asynchronous Modular Structures

Asynchronous modular structures [13] are constructed from a small 
number of types of asynchronous modules which are interconnected by 
links at certain well defined points (of the modules) called ports. 
The modules are connected to each other only through their ports, and 
at most one link may be connected to a port. 

Figure 4.1 presents an asynchronous modular structure. This struc- 
ture permits events a and b to occur concurrently but prevents event 
c from occurring until both events a and b have occurred. The struc- 
ture consists of four asynchronously operating modules connected by 
links. The links carry signals in both directions (figure 4.2), a ready 
signal in the forward direction and an acknowledge signal in the reverse 
direction. The signalling discipline requires that the first signal be 
a ready signal and that the ready signals be separated by acknowledge 
signals. A ready signal indicates that the module which receives it 
may begin with its activity. A ready signal is later acknowledged by 
returning an acknowledge signal. The acknowledge signal need not be 
returned immediately following the receipt of the ready signal. In 
that case the acknowledge signal conveys completion of some action in 
addition to acknowledging receipt of the ready signal. The link 
described above is called a simple link. The operation of the modules
used in the structure shown in figure 4.1 is explained below. 

The wye module sends a ready signal on both links 1 and 2 upon
receiving a ready signal on link 0, and returns an acknowledge signal
on link 0 upon receiving the corresponding acknowledge signals on both
links 1 and 2. The seq (sequence) module sends a ready signal on
link 1 upon receipt of a ready signal on link 0 and, later, sends a
ready signal on link 2 following the receipt of an acknowledge signal
on link 1 in response to the ready signal which was sent out on that
link. When an acknowledge signal is received on link 2, the module
returns an acknowledge signal on link 0. It thus serves to order the
activities of the two groups of structures connected to the ports 1
and 2, whence the name "sequence". A jun (junction) module sends a
ready signal on link 0 when it receives ready signals on both links 1
and 2, and when this signal is acknowledged, the module returns
acknowledge signals on links 1 and 2.

The operation of the structure is as follows. Upon receiving a
ready signal on link a, the structure enables events a and b by
sending ready signals to them. When both of these events have occurred
as indicated by the acknowledge signals on links a and b, the
structure enables event c. Following the occurrence of event c an
acknowledge signal is returned on link a signalling the completion of
the occurrences of all events associated with the structure.
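
The signalling discipline and the wye, seq and jun modules described above, simulated as an added Python example that is not part of the original thesis. Figure 4.1 is not reproduced here, so the wiring in build() (one wye, two seq and one jun module) is an assumption, as are the link names "root", "wa", "wb", "ja" and "jb".

```python
# Added example (not from the thesis): simple links and the wye, seq and
# jun modules of section 4.2, wired so that events a and b may occur
# concurrently and event c only after both. The wiring is an assumption.

class Link:
    """Simple link: ready forward, acknowledge back, strictly alternating."""
    def __init__(self, name):
        self.name = name
        self.pending = False   # True between a ready and its acknowledge
        self.on_ready = None   # handler at the end that receives ready
        self.on_ack = None     # handler at the end that receives acknowledge

    def ready(self):
        if self.pending:
            raise RuntimeError(f"{self.name}: ready before previous acknowledge")
        self.pending = True
        self.on_ready()

    def ack(self):
        if not self.pending:
            raise RuntimeError(f"{self.name}: acknowledge without a ready")
        self.pending = False
        self.on_ack()

def wye(l0, l1, l2):
    """Ready on link 0 fans out to 1 and 2; both acks return an ack on 0."""
    acks = set()
    def got_ready():
        acks.clear()
        l1.ready()
        l2.ready()
    def got_ack(which):
        acks.add(which)
        if len(acks) == 2:
            l0.ack()
    l0.on_ready = got_ready
    l1.on_ack = lambda: got_ack(1)
    l2.on_ack = lambda: got_ack(2)

def seq(l0, l1, l2):
    """Ready on 0 starts link 1; its ack starts link 2; its ack acks 0."""
    l0.on_ready = l1.ready
    l1.on_ack = l2.ready
    l2.on_ack = l0.ack

def jun(l0, l1, l2):
    """Ready on both 1 and 2 gives ready on 0; its ack acks 1 and 2."""
    readies = set()
    def got_ready(which):
        readies.add(which)
        if len(readies) == 2:
            l0.ready()
    def got_ack():
        readies.clear()
        l1.ack()
        l2.ack()
    l1.on_ready = lambda: got_ready(1)
    l2.on_ready = lambda: got_ready(2)
    l0.on_ack = got_ack

def build():
    """Assumed wiring: root -> wye -> (seq -> a, seq -> b) -> jun -> c."""
    links = {n: Link(n) for n in ("root", "wa", "wb", "a", "b", "ja", "jb", "c")}
    enabled, done = [], []
    for ev in "abc":   # the external world: a ready enables the event
        links[ev].on_ready = lambda ev=ev: enabled.append(ev)
    links["root"].on_ack = lambda: done.append(True)
    wye(links["root"], links["wa"], links["wb"])
    seq(links["wa"], links["a"], links["ja"])
    seq(links["wb"], links["b"], links["jb"])
    jun(links["c"], links["ja"], links["jb"])
    return links, enabled, done

def demo():
    """Enabled events after each external signal, then completion."""
    links, enabled, done = build()
    trace = []
    links["root"].ready(); trace.append(list(enabled))   # a and b enabled
    links["a"].ack();      trace.append(list(enabled))   # c still waits for b
    links["b"].ack();      trace.append(list(enabled))   # now c is enabled
    links["c"].ack();      trace.append(bool(done))      # root acknowledged
    return trace

if __name__ == "__main__":
    print(demo())
```
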

4.3 Implementation of Coordination

Coordination of events can be carried out only if the occurrences 
of events can be controlled, because the absence of control precludes 
any enforcement of coordination. In order to force coordination on 
occurrences of events, it should be possible for the coordination struc- 
ture to delay the occurrence of the events for as long as is deemed 
necessary. Such a control can be had if the occurrence of an event 
depends upon receipt of a signal from the coordination structure. The 
signal from the coordination structure can be thought of as permission 
for the event to occur. Moreover when the occurrence is completed, the 
event should send a signal to the coordination structure so that the 
structure can update its knowledge of the status of events.

In a coordination net, the transitions referred to as input transi- 
tions are a means through which the external world, i.e., the world in 
which the events occur, indicates to the net that certain conditions 
have been reached in the external world, say a processor has become 
available for use. In coordination structures, the external world sends 
such information by sending a ready signal to the structure on a link 
associated with an input transition. The coordination structure records
this information and returns an acknowledgment (i.e. an acknowledge 
signal). The coordination structure instructs the external world to 
proceed with an event by sending a ready signal on the appropriate 
link, and when the occurrence of the event is completed, the external 
world sends an acknowledge signal to the structure on the link. The 
links are thus the means of communication between the coordination 
structure and the external world; the links incident on the structure
bring information regarding the condition of the external world while 
those emergent from the structure relay permission for the external 
world to proceed with events (figure 4.3). 

Coordination structures are partitioned functionally into four 
parts: i) the precedence structure, ii) the constraint structure, 
iii) the conflict structure and iv) the initialization structure 
(figure 4.4). The precedence structure establishes precedence among 
events, that is it ensures that events do not occur until the events 
which should precede them have occurred. The constraint structure 
ensures that the constraints are not violated, the conflict structure 
resolves conflicts among transitions if and when they arise, and the 
initialization structure establishes the initial condition in the 
precedence structure as well as the constraint structure to correspond 
to the initial distribution of stones in the net. 

The sub-structures listed above are derived in terms of asynchro- 
nous modules which are connected with links. The links used in such 
interconnection are described below. 

4.4 Links

In coordination structures four types of links are used: 

i) single links, ii) double links, iii) triple links, 
and iv) mixed-triple links. These links are called compound links 
as they are themselves composed of two basic types of links called 
simple links and decision links . The single, double and triple links 
consist of one, two and three simple links respectively, and the mixed- 
triple link consists of two decision links and one simple link 
(figures 4.5 and 4.6). The basic links within the compound links 
are called sublinks, and they operate independently of each other; the 
only inter-dependence of signals on them is that established by the 
modules they connect. 

The operation of a simple link was explained earlier in section 4.2.
The decision link is similar to a simple link, but it has two types of 
acknowledge signals, a positive acknowledge signal and a negative 
acknowledge signal to convey a decision, whence the name "decision link". 

4.5 Signalling Discipline and Communication Cycles 

The first signal on a basic link must be a ready signal, and the
ready signals must be separated by acknowledge signals. A communication
cycle on a basic link consists of a ready signal followed by an
acknowledge signal. Communication over a compound link takes place in
units of cycles where a cycle consists of certain cycles on the
sublinks. Thus a communication cycle on a double link consists of a
cycle on each of its sublinks, that on a triple link consists of a
cycle on sublink e and a cycle on either sublink d or sublink s, and
that on a mixed-triple link consists of a cycle on either of sublinks
c or e and a cycle on sublink d. The cycles on sublinks that belong to
a communication cycle on a compound link are said to correspond to
each other. The only inter-relationship among the cycles on sublinks
is that established by the modules they connect.

[Figure: Basic Links. r: ready signal; a: acknowledge signal;
ap: positive acknowledge; an: negative acknowledge.]

[Figure: Compound Links. Sublinks: enable, disable, stone, check.]

4.6 Overview of the Structure and Operation of Coordination Structures 

It was stated earlier that coordination structures consist of 
four parts (figure 4.4): i) the precedence structure, ii) the conflict 
structure, iii) the constraint structure, and iv) the initialization 
structure. The precedence structures are systematically derived from 
coordination nets by substitution of modular structures for places and 
transitions in the net (figure 4.7). 

The structure substituted for a place consists of a P-module with
modules to accommodate multiple fan-in and fan-out of arcs, and the
structure substituted for a transition consists of a T-module again
with modules to accommodate fan-in and fan-out. The links connecting
these structures correspond to the arcs joining places and transitions
in the coordination nets. The fan-in and fan-out modules used in
conjunction with a P-module are called IP and EP modules, and the
fan-in and fan-out modules used in conjunction with the T-module are
called IT and ET modules respectively.

The links at ports 1 and 2 of a T-module go to the constraint and
conflict structures respectively (figure 4.7). The link at port 3 of
a T-module goes to the external world if the transition is an output
transition, otherwise the link is terminated by an S module (sink
module). The IT-module associated with an input transition has an
incident link from the external world. The incident link from the
external world reaches the IT-module through a P-module which changes
it to a triple link from a single link.

Sending a ready signal to the P-module in a place structure
corresponds to placing a stone at a place in the coordination net. The
link emerging from the P-module is a triple link. A triple link consists
of three sublinks called e, d and s which stand for "enable", "disable"
and "stone" respectively. On receiving a ready signal on the incident
link, which corresponds to the receipt of a stone, the P-module proceeds
to inform the associated transitions about the arrival of the stone by
sending a ready signal on the enable sublink. A ready signal on an
enable sublink is referred to as an enable signal. The EP-module
associated with the place fans out the enable signal to the transitions
which have this place as an input place. In order to claim the stone
at the place, a transition (structure) must acknowledge the enable
signal. The stone is claimed by the transition that acknowledges the
enable signal first. The EP-module associated with the place transmits
a stone signal (i.e. a ready signal on the stone sublink) to the
transition which claims the stone, and disable signals to the other
transitions. It will be seen later that the transitions are not in a
race at the EP-module because the transition which will be the first to
acknowledge the enable signal is picked by the conflict structure; the
conflict structure does not permit the other transitions to
acknowledge enable signals until the chosen transition has claimed the
stones at the input places.

The IT-module acts as a conjunctive fan-in module: it sends an
enable signal to the T-module only upon receipt of enable signals on
all incident links. In terms of the net, it means that the transition
is not enabled until all input places of the transition have stones.

Upon receiving an enable signal, the T-module sends a request to
the constraint structure by sending a ready signal on the enable
sublink of the double link at port 1 of the module. When the constraint
structure gives permission to the transition to proceed by
acknowledging the enable signal, the T-module sends a request to the
conflict structure by sending an enable signal on the double link at
port 2. When the conflict structure gives permission to the transition
to proceed (this corresponds to selection of this transition over the
transition conflicting with it), the T-module proceeds with initiation
of the transition in the following way. To claim the stones at the
input places, the module acknowledges the enable signal on link 0. This
acknowledge signal reaches the input places through IT and EP modules.
The acknowledge signals from this transition are guaranteed to be the
first to arrive at the input places as the conflict structure does not
permit the transitions that are in conflict to acknowledge enable
signals until they are disabled by the transition in the process of
claiming the stones.

A disable signal (i.e. a ready signal on the disable link) to a
transition structure from a place informs the transition that the
stone at that place has been claimed by some other transition. The
disable signal resets the structure associated with the transition to
the same condition it would be in if the enable signal had not been
received. After this resetting the transition acknowledges (receipt
of) the enable and disable signals.

Thus the transition which is given permission by the conflict
structure claims the stones at its input places and disables the other
transitions which have those places as input places, that is it
disables the conflicting transitions. As soon as the conflicting
transitions are disabled and they have acknowledged the enable and
disable signals from the places, the places send stone signals to the
transitions (a stone signal is a ready signal on the stone sublink of a
triple link) signifying that the stones have been reserved for it. On
receiving a stone signal from each of the input places, the IT-module
associated with the transition sends a stone signal to the T-module
associated with the transition. The T-module then disables the part of
the conflict structure associated with it (because it does not need the
help of the conflict structure - remember the conflicting transitions
have been disabled already) and initiates the transition by sending a
ready signal on the link 3 of the module (the T-module). If this
transition is an output transition, this ready signal initiates the
associated event in the external world, and when the occurrence of the
event is completed, as indicated by an acknowledge signal on the link,
the T-module terminates the transition by acknowledging the stone
signal on link 0 and sending a ready signal on the link 4. The
acknowledge signal on link 0 has the effect of removing stones from the
input places (the place structure gets reset to a stable condition in
which it can accept signals corresponding to stones), and the ready
signal on link 4 has the effect of putting stones at the output places.

The action of a transition structure is completed when the stones 
put out by the transition are used up by other transitions. When this 
happens, the T-module receives an acknowledge signal on link 4. In 
response to this acknowledge signal, the T-module disables the constraint 
structure associated with the transition, and the action of the transi- 
tion structure is completed. 

The nature of the conflict structure, the constraint structure and 
the initialization structure is briefly described below. A detailed 
description of these structures is given later in this chapter. The 
conflict structure (figure 4.32) has a conflict module for each conflict 
cluster of transitions in the precedence structure. A conflict cluster 
is a set of transitions which mutually conflict, and therefore 
only one of them may proceed at a time. When conflicting transitions 
send requests to the conflict structure, the conflict module picks one 
of them arbitrarily - the picked transition is allowed to proceed while 
the other transitions are blocked. After a transition clears through 
all of the conflict clusters it is involved in, the conflict structure
allows it to proceed with initiation. Before it initiates, the transi- 
tion that is allowed to proceed by the conflict structure disables the 
transitions which conflict with it. Thus the transitions which are 
disallowed are disabled by the transitions which are allowed to proceed. 
The constraint structure (figure 4.31) ensures that the constraints 
specified in the constraint set are not violated. However, the reason 
why it is shown to have inputs from transitions rather than places is 
that the only way to prevent a stone from getting into a place is by 
preventing a transition from putting a stone into it. The constraint 
structure allows a transition to proceed only if its output places can 
be added to the places already active without causing the set of active 
places to become inadmissible. This is achieved by means of constraint 
modules associated with the constraints in the set of constraints. Each 
constraint module ensures that the particular constraint it represents 
is not violated. 

The initialization structure (figure 4.33) puts initial stones in 
places in the precedence structure just like transitions and resets 
itself as the stones are used up by transitions. 

4.7 Naming Scheme for Signals 

To facilitate discussion, a uniform naming scheme has been adopted
for signals. The ports of modules are uniquely identified by m_k:p
where m_k refers to the module and p identifies the port of the
module. Moreover m_k:px.t refers to a signal on sublink x at port
p of the module m_k, and t gives the type of the signal, that is,
t indicates whether the signal is a ready signal, an acknowledge signal,
a positive acknowledge signal or a negative acknowledge signal (figure
4.8). Therefore a signal m_k:1e.an refers to a negative acknowledge
signal on sublink e of port 1 of module m_k. If the link emerges
from this port, then this signal is an input signal, otherwise it is
an output signal. The link at port j of a module is often referred
to as link j when the module is identifiable from the context.

[Figure 4.8 Signal Naming Scheme. In m_k:px.t, m_k is the name of a
module; p is the name of the port of the module; x is the name of the
sublink, i.e. null, e, c, d or s; t is the type of the signal:
r, ready signal; a, acknowledge signal; an, negative acknowledge
signal; ap, positive acknowledge signal.]

The types of modules in terms of which the coordination structures 
are derived are specified using a formalism called P-nets. This 
formalism should be viewed as a linguistic means for specifying the 
modules; natural language is not satisfactory for this purpose
because specification of modules in it is both lengthy and imprecise.
P-nets are essentially coordination nets written in a different form. 
These nets are introduced in the next section. 

4.8 P-nets

Definition  A P-net is a directed graph defined by a tuple
<<N, P, L, B^0>, Ct> where

N = {n_1, ..., n_n}   is a finite set of nodes of type "signal" (in
                      the interpretation of the nets signals are
                      associated with these nodes).

P = {p_1, ..., p_m}   is a finite set of nodes of type "place".

L = {A_1, ..., A }    is a finite set of directed links of the form
                      <x,y> which connect signal nodes to other signal
                      nodes, places to signal nodes and signal nodes to
                      places (note that places are not directly
                      connected to other places by links).

B^0 ⊆ P               is the set of places having stones initially.

Ct ⊆ 𝒫(P)             is a constraint set over nodes (places) in P.

A link is said to be a precedence link if it connects a signal
node to another signal node, a conflict link if it connects a place
node to a signal node, and a loader link if it connects a signal
node to a place node. That is, a link <x,y> is a precedence link
if x ∈ N and y ∈ N, a conflict link if x ∈ P and y ∈ N, and a
loader link if x ∈ N and y ∈ P. To enhance the transparency of the
P-nets these links are drawn differently - a precedence link is drawn
with a standard arrow, a conflict link is drawn with a solid arrow,
and the loader link is drawn dotted.

An interpretation for a P-net refers to an association of signals, 
not necessarily distinct, with the signal nodes (figure 4.9 and 4.11). 
Some of the signal nodes may not be associated with any signal at all. 
A node which is not associated with any signal is said to be a null 
node. In P-nets, the signals associated with signal nodes are written 
in place of the nodes themselves. 

In the simulation of P-nets, the signal nodes act as transitions 
in coordination nets. The signal nodes of a P-net are of three types: 
i) input signal nodes ii) output signal nodes and iii) internal 
nodes. In a P-net specifying an asynchronous module or an asynchronous 
system the signals associated with input signal nodes correspond to 
the input signals the system can accept and the signals associated 
with the output signal nodes are the signals which the system may send 
out. An input signal node can occur only when the associated input 
signal is received by the system, and when it occurs the node is 
said to accept that input signal. An input signal can be accepted only
by one input signal node. Thus even when more than one input signal 
node associated with an input signal is ready to occur, only one of 
them can occur. An output signal node occurs whenever it can occur, 
and its occurrence causes the system to send out the associated signal. 

A P-net corresponds directly to a coordination net. The coordination
net corresponding to a P-net is obtained by i) replacing the
signal nodes by transitions, ii) replacing the precedence links by
places each with one incident link and one emerging link, iii) introducing
a place for each signal and iv) drawing arcs from the places
corresponding to input signals to the associated input transitions, and
drawing arcs from the output transitions to the places corresponding 
to the associated output signals (figure 4.10). The place nodes in 
the net are left untouched. A signal is sent to the system by placing 
a stone in the place associated with that input signal, and the net 
sends out signals by placing stones in the places associated with the 
output signals; the input-output places are the boundaries through which 
the system interacts with other systems connected to it. A P-net is 
merely a concise way of drawing the coordination nets (figures 4.9 and 
4.10); therefore in a formal sense, the simulation of a P-net corresponds 
to the simulation of the coordination net it represents. Simulation of 
a P-net can also be described directly by the following rules: 

i) Initially only those signal nodes which have no incident precedence 
links and all of whose input places have stones are ready to occur. 

ii) An input signal node does not occur until the associated input
signal is received by the system, and in the process of occurring the
input signal node is said to use up the signal.

iii) When a signal node occurs, it gives permission to all signal nodes 
that are its immediate successors by precedence links to occur, and 
puts stones in its output places. 

iv) A signal node becomes ready to occur when it has permission to 
occur from all immediate predecessor signal nodes, its input places 
have stones and, if it is an input signal node, the system has 
received the associated input signal but this input signal has not been 
accepted by some other signal node. If the stone from an input place 
of a ready signal node should be removed by some other signal node, the 
ready status of the node is suspended until the place gets a new stone. 
Similarly if the input signal associated with a ready input signal node 
should be accepted by some other signal node, the ready status of the 
node is suspended until a new input signal is received. 

v) The occurrence of an output signal node causes the system to send 
out the output signal associated with that node. 

Figures 4.9 and 4.11 show two P-nets. The P-net of figure 4.9 
specifies the wye module discussed earlier and figure 4.11 specifies
a more complicated module called the IT-module. The operation of these 
P-nets is explained below. In these P-nets the input signals are under- 
lined as an aid to understanding. 

In the P-net of figure 4.9, no signal node is ready to occur
until signal 0.r is received, that is, a ready signal is received on
link 0 of the module. When this ready signal is received, signal
node n1 accepts the input signal by occurring, and gives nodes n2
and n3 permission to occur. Nodes n2 and n3 are output nodes;
their occurrence causes the module to send out ready signals on links
1 and 2. When these ready signals are acknowledged, signal nodes
n4 and n5 occur, permitting node n6 to occur. The occurrence of
node n6 causes the module to acknowledge the ready signal on link 0,
and the action of the module is completed as it returns to its initial
condition.
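
The simulation rules i) to v) above, applied to the wye module, as an added example that is not part of the original thesis. The class and function names, the signal names other than 0.r, the precedence links from the output nodes to the acknowledging input nodes, and the place "idle" that returns the net to its initial condition are assumptions made from the prose, since figure 4.9 is not reproduced here.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class Node:
    kind: str                   # "input", "output" or "internal"
    signal: str = ""            # empty string marks a null node
    preds: tuple = ()           # immediate predecessors by precedence links
    in_places: tuple = ()       # places joined to the node by conflict links
    out_places: tuple = ()      # places the node loads through loader links


class PNet:
    def __init__(self, nodes, stones=()):
        self.nodes = nodes
        self.stones = Counter(stones)   # place -> stones held
        self.permits = Counter()        # (pred, node) -> permissions not yet used
        self.pending = Counter()        # input signals received, not yet accepted
        self.sent = []                  # output signals in the order sent

    def ready(self, name):
        # Rules i and iv: permission from every predecessor, a stone in every
        # input place and, for an input node, an unaccepted input signal.
        n = self.nodes[name]
        return (all(self.permits[(p, name)] > 0 for p in n.preds)
                and all(self.stones[pl] > 0 for pl in n.in_places)
                and (n.kind != "input" or self.pending[n.signal] > 0))

    def occur(self, name):
        n = self.nodes[name]
        for p in n.preds:
            self.permits[(p, name)] -= 1
        for pl in n.in_places:
            self.stones[pl] -= 1        # a conflicting node loses its ready status
        if n.kind == "input":
            self.pending[n.signal] -= 1     # rule ii: the signal is used up
        for succ, s in self.nodes.items():
            if name in s.preds:
                self.permits[(name, succ)] += 1     # rule iii
        for pl in n.out_places:
            self.stones[pl] += 1
        if n.kind == "output":
            self.sent.append(n.signal)      # rule v

    def settle(self, limit=1000):
        # Let ready nodes occur until none is left. Taking the first ready node
        # stands in for the arbitrary choice the text allows.
        trace = []
        for _ in range(limit):
            ready = [n for n in self.nodes if self.ready(n)]
            if not ready:
                return trace
            self.occur(ready[0])
            trace.append(ready[0])
        raise RuntimeError("net did not settle")

    def receive(self, signal):
        self.pending[signal] += 1
        return self.settle()


def wye():
    # Constructed from the description of figure 4.9; see the assumptions above.
    return PNet({
        "n1": Node("input", "0.r", in_places=("idle",)),
        "n2": Node("output", "1.r", preds=("n1",)),
        "n3": Node("output", "2.r", preds=("n1",)),
        "n4": Node("input", "1.a", preds=("n2",)),
        "n5": Node("input", "2.a", preds=("n3",)),
        "n6": Node("output", "0.a", preds=("n4", "n5"), out_places=("idle",)),
    }, stones=["idle"])


if __name__ == "__main__":
    w = wye()
    for sig in ("0.r", "2.a", "1.a"):
        print(sig, "->", w.receive(sig), "sent so far:", w.sent)
```

A second 0.r received before the cycle completes stays pending, because n1 cannot occur again until n6 has returned the stone to "idle".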

Figure 4.11 shows a P-net for a more complicated module. This
P-net has situations where signal nodes conflict. For example, signal
nodes n , n„ and n„ conflict as they share a common input place p.
When place p has a stone, one of these nodes occurs depending on which
signal is received first. In the case that signals associated with more 
than one of these nodes are received at the same time, the module picks 
one of the nodes arbitrarily. 

4.9 The Modules

The asynchronous modules used in construction of coordination nets 
are specified in this section. 

P-module 

A P-module is used in the construction of a place structure and 
in transforming a simple link into a triple link. The P-module has 
one incident simple link and one emergent triple link. A schematic 
diagram of the P-module and its P-net specification are shown in 
figure 4.12. Upon receiving a ready signal on the incident link, the
module sends an enable signal on the emergent link. When this enable 
signal is acknowledged, the module sends a stone signal on the emergent 
link, and finally when the stone signal is acknowledged, the module 
acknowledges the ready signal on the incident link and returns to its 
initial condition. Note that the disable sublink of the emergent link 
is not used by the module. 

IP-module

The IP-module is for disjunctive fan-in of simple links. It is
used in conjunction with a P-module to accommodate multiple incident
links - whence the name "IP". The function of the IP-module is to
connect (logically) an incident link to the emergent link when a ready
signal is received on the incident link. The connection remains in
effect for one communication cycle on the link. The P-net specification
of the IP-module is shown in figure 4.13.

EP-module

The EP-module is for fan-out of the triple link emergent from a 
P-module. The function of the EP-module is to send enable signals on 
the emergent links when an enable signal is sent to it on the incident 
link, and to send a stone signal to one of the emergent links and a 
disable signal to the other emergent link when a stone signal is sent 
to it depending on which of the emergent links acknowledges the enable 
signal first (figure 4.14). The operation of the EP-module is described 
in detail below. 

On receiving an enable signal on the incident link, the module 
sends enable signals on the emergent links. In the case of an EP- 
module in a place structure of a coordination net, the enable signal 
on the incident link indicates that a stone has arrived at the place, 
and the information about the arrival of the stone should be sent to 
the transitions; the EP-module sends this information to the transitions 
by sending enable signals on the emergent links. At this point one 
of two things may happen: i) some transition may acknowledge the enable 
signal indicating that it has claimed the stone, or ii) a disable signal 
may be received on the incident link indicating that the stone has been 
claimed by some transition other than those associated with the emergent 
links. If a disable signal arrives first, the module sends disable 
signals on the emergent links, and when these disable signals and the 
enable signals are acknowledged, it acknowledges the enable and disable 
signals on the incident link. 

In case a disable signal is not received on the incident link
before an enable signal is acknowledged on an emergent link, the 
following happens. If the acknowledgement is received on link 1, the 
module is in a way claimed by that link, and therefore, the module 
acknowledges the enable signal on the incident link and sends a disable 
signal on the other emergent link. The module then waits for a stone 
signal on the incident link and for the completion of the communication 
cycle on the other emergent link. When this happens, the module sends 
a stone signal on link 1, the link which claimed the module. When 
this stone signal is acknowledged, the module acknowledges the stone 
signal on the incident link and returns to its initial condition. 

A communication cycle on a triple link involving a disable signal 
is said to be a void cycle, and one involving a stone signal is said 
to be a stone cycle. Thus the operation of the module can be restated 
as follows: if the module is given a void cycle on the incident link, 
the module gives void cycles to the emerging links, while if the module 
is given a stone cycle then it gives a stone cycle to that emerging 
link which acknowledges the enable signal first, and a void cycle 
to the other link. 

IT-module 

The IT-module is for conjunctive fan-in of triple links incident 
on the transition structures. Briefly speaking, the operation of the 
IT-module is to produce a stone cycle on the emergent link when it gets 
a stone cycle from each of its incident links. The P-net specification 
of the IT-module is given in figure 4.15. The module is called an
IT-module because the module is used to converge the incident links
on the T-module in the transition structure. 

When the module receives enable signals on both incident links, it 
sends an enable signal on the emergent link and waits for the enable 
signal to be acknowledged. If the module receives a disable signal 
on any of the incident links while it is waiting for the enable signal 
on the emergent link to be acknowledged, it takes the following action: 
Consider the case when the module receives a disable signal on link 1. 
In this case, the module sends a disable signal on the emergent 
link and waits for the enable and disable signals to be acknowledged. 
The effect of this disable signal on the structure connected to the emer- 
gent link is to request acknowledgement of the enable and disable signals. 
On receiving these acknowledge signals, the module acknowledges the enable 
and disable signals on link 1 and returns to the condition it would be 
in if the enable signal (on link 1) had not been received. 

If no such disable signal is received before the enable signal 
on the emerging link is acknowledged, the module proceeds with the 
following action. It acknowledges the enable signals on both incident 
links and waits for stone signals from them. When stone signals are 
received, it sends a stone signal on the emergent link and waits for 
the stone signal to be acknowledged. When the stone signal is acknow- 
ledged, the module acknowledges the stone signals on both incident links 
and returns to the initial condition. 

T-module

The T-module plays a central role in the transition structure.
In addition to the T-module, a transition structure has an IT-module
for a conjunctive fan-in of incident links and an ET-module for fan-out
of the emergent link; link 0 of the T-module comes from the
IT-module and link 4 goes to the ET-module. Links 1 and 2 of the
T-module go to the constraint structure and conflict structure 
respectively (figures 4.7 and 4.16). If the transition is an output 
transition, link 3 of the module goes to the external world, otherwise 
it is terminated by a sink module. 

The function of the T-module is to get permission from the 
constraint and conflict structures on behalf of the transition it 
represents and to initiate and terminate the transition. A P-net 
specification of the T-module is shown in figure 4.16. If the reader
remembers the operation of the transition structure from the overview 
given earlier and is able to understand the P-net of the T-module he 
may skip the following explanation of the operation of the T-module. 

When an enable signal is sent to the T-module on link 0, it sends 
a request to the constraint structure by sending an enable signal on 
link 1, and waits for this signal to be acknowledged, that is it waits 
for a permission from the constraint structure. While the module is 
waiting for this signal, it may receive a disable signal on link 0. If 
such a disable signal is received, the module sends a disable signal on 
link 1 to cancel the request to the constraint structure. As a result 
the constraint structure acknowledges both the enable and the disable
signals. On receiving these acknowledge signals the module acknow- 
ledges the enable and disable signals on link 0. 

If a disable signal is not received on link 0 before the enable
signal on link 1 is acknowledged, the module sends an enable signal to
the conflict structure on link 2 and waits for the signal to be
acknowledged. As in the previous case if a disable signal is received on link 0
before the enable signal is acknowledged, the module sends a disable
signal on link 2. The effect of this disable signal on the conflict 
structure is to obtain acknowledgement of the enable and disable signals. 
When these acknowledge signals are received, the module acknowledges the 
enable and disable signals on link 0. 

If a disable signal is not received on link 0, the module proceeds
with the following action on receiving an acknowledgement for the enable
signal on link 2. It acknowledges the enable signal on link 0 and waits
for a stone signal on that link. On receiving the stone signal, the
module sends a disable signal on link 2 to complete the communication
cycle on link 2, and on completion of the cycle, that is on receiving
acknowledgement for the disable signal, the module initiates the
associated transition by sending a ready signal on link 3, and waits
for the ready signal to be acknowledged. When the ready signal is
acknowledged, the module proceeds with the termination of the
transition by acknowledging the stone signal on link 0 and sending a ready
signal on link 4. The module then waits for the ready signal on link 4

Operation of Constraint, Conflict and Initialization Structures

As the modules discussed next are used in these structures, an 
overview of the arrangement of modules in them and some understanding 
of their operation should be helpful. The arrangement of modules in 
these structures is shown in figures 4.31, 4.32 and 4.33 respectively.

In the constraint structure (see figure 4.31) the mixed-triple 
links are associated with the classes of constraint equivalent places 
(see Chapter 3), while the constraint modules are associated with the 
constraints specified by the constraint set of the net. The mixed- 
triple links originate from R-modules. The double links from constraint 
equivalent transitions are combined in an IR-module before going to the
associated R-module (recall that output places of constraint equivalent 
transitions are constraint equivalent). 

A transition sends a request to the constraint structure by send- 
ing an enable signal. If the constraints associated with the output 
places of the transition are already in force on account of some other 
constraint equivalent transition, the IR-module grants the request imme- 
diately by acknowledging the enable signal. If the constraints are not 
in force, the IR-module forwards the enable signal to the R-module to 
begin the process of establishing the constraints. Upon receiving the 
request, the R-module sends a check signal on the mixed-triple link. If 
the check signal is acknowledged negatively, the R-module sends a fresh 
check signal; this continues until the R-module either gets a positive 
acknowledgement for the check signal or receives a disable signal on the 
incident link. Upon receiving a positive acknowledgement for the check
signal the R-module sends an enable signal on the mixed-triple link. A
positive acknowledgement of the enable signal means that the constraints 
associated with the transition have come into force. The R-module then 
acknowledges the enable signal on its incident link, and the acknowledge 
signal reaches the transition through the IR-module. A negative acknow- 
ledgement for the enable signal implies that the R-module should start 
all over again by sending a check signal. 

From the time the enable signal is acknowledged positively on 
the mixed-triple link to the time a disable signal is received on it, 
the link is said to be active. A constraint module ensures that not
all of the links incident on it are active at the same time. In this 
way the constraint modules enforce the constraints associated with them. 

The conflict structure (figure 4.32) has double links, associated 
with transitions, which pass through conflict modules. In the conflict 
structure, there is one conflict module for each conflict cluster of 
transitions in the net. Two conflicting transitions, therefore, have at
least one conflict module in common. Thus if two conflicting transitions
send enable signals to the conflict structure, only one of them is
permitted to proceed as a conflict module common to them permits the enable
signal from only one of them to proceed; the other enable signal is
blocked at that module.

The task of the initialization structure is to set up the initial 
constraints and to send signals equivalent to stones to the places 
in the structure that correspond to the places in the net that have 
initial stones. 

IR-module

The IR-module is used to connect the double links from (constraint 
equivalent) transitions to the R-module that is associated with these 
transitions. The function of the IR-module is to request the R-module 
to set up the associated constraints upon receiving a request from a 
transition. In a way the IR-module performs a logical OR operation - 
it causes the constraints to be established when a request is received 
from a transition associated with either of the incident links, and it 
relinquishes the constraints only when none of the transitions need 
the constraints. The P-net specification of the IR-module is shown 
in figure 4.21.

When the module is in the idle condition, and a transition sends 
a request to it by sending an enable signal on one of the incident links, 
the module sends out an enable signal on the emergent link and waits for 
the signal to be acknowledged. When the module receives this acknow- 
ledge signal it acknowledges the enable signal on the incident link 
making the link active. If the other link also sends an enable signal 
at this point, the module immediately acknowledges this signal; the 
emergent link of the module is now in the active condition on account 
of both incident links. So long as either of the incident links is 
active the module does not disable its emergent link. When both links 
are disabled, the module disables the emergent link by sending out a 
disable signal. This disable signal is acknowledged in due time and 
the module returns to its initial condition. 

Constraint Module

The constraint (const) module has a number of pairs of incident-
emergent mixed-triple links (figure 4.23). If a mixed-triple link is
said to be in enabled condition during the interval between the
occurrence of an enable signal and the occurrence of either a negative
acknowledge signal on the enable sublink or a disable signal on the
disable sublink, a simplified statement of the operation of the
constraint module is possible. The constraint module terminates signals on
the incident links to ensure that not all of the emergent links of the
module are in enabled condition at the same time. Alternatively, the
module prevents all of the incident links from being active at the same
time where a link is said to be active if the enable signal has been
acknowledged positively and the disable signal has not been received.
The P-net specification of the module is given in figure 4.23. In the
following discussion the constraint module is said to be saturated
when all but one of its emergent links are either enabled or active.

In the constraint structure the R-module sends a check signal on 
the mixed-triple link to determine if and when it should send an enable 
signal to try to bring into force the constraints associated with it; 
the R-module sends an enable signal only on receiving a positive 
acknowledgement for the check signal. The constraint module, if it is 
not saturated, sends the check signal to the emergent link, otherwise
it blocks the check signal until it becomes unsaturated. On sending a 
check signal on the emergent link if it receives a positive acknowledge- 
ment, it returns a positive acknowledgement for the check signal on the 
incident link. On the other hand if it receives a negative acknowledge- 
ment or it is saturated when the acknowledgement is received, it returns 
a negative acknowledgement for the check signal on the incident link. 

In response to an enable signal, the module sends an enable signal 
on the emergent link if it is not saturated, otherwise it returns a 
negative acknowledgement for the enable signal immediately. 

The effect of a disable signal received on an incident link is to 
force the part of the module associated with that link to reset to the 
initial condition after completing the communication cycle on the 
emergent link. 

The constraint module presented here is a composite module in that 
it has n incident-emergent link pairs. This module can be constructed
in a manner similar to that presented in reference [14].
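
The check and enable handshake between an R-module and the constraint modules on its mixed-triple link, as an added sequential model that is not part of the original thesis. It shows that a positive check is only advisory: the enable that follows can still be refused, and a refusal has to release every module the enable had already passed. All class and function names are hypothetical, and a blocked check is reported as "blocked" instead of being held until the module becomes unsaturated.

```python
IDLE, ENABLED, ACTIVE = "idle", "enabled", "active"


class ConstraintModule:
    """One constraint: the classes on its links must never all be active."""

    def __init__(self, classes):
        self.state = {c: IDLE for c in sorted(classes)}

    def saturated(self):
        # Saturated when all but one of the links are enabled or active.
        busy = sum(s != IDLE for s in self.state.values())
        return busy >= len(self.state) - 1

    def violated(self):
        return all(s == ACTIVE for s in self.state.values())


class Link:
    """Mixed-triple link of one class, from its R-module to the sink module."""

    def __init__(self, name, modules):
        self.name = name
        self.chain = [m for m in modules if name in m.state]

    def check(self):
        # The check is forwarded only by unsaturated modules and holds nothing.
        return "blocked" if any(m.saturated() for m in self.chain) else "positive"

    def enable(self):
        taken = []
        for m in self.chain:
            if m.saturated():
                # Negative acknowledgement: the enabled condition ends in
                # every module the signal had already passed.
                for t in taken:
                    t.state[self.name] = IDLE
                return "negative"
            m.state[self.name] = ENABLED
            taken.append(m)
        for m in self.chain:            # the sink acknowledged positively
            m.state[self.name] = ACTIVE
        return "positive"

    def disable(self):
        for m in self.chain:
            m.state[self.name] = IDLE


def race():
    # Two classes under one constraint both pass the check before either enables.
    m = ConstraintModule({"A", "B"})
    a, b = Link("A", [m]), Link("B", [m])
    log = [a.check(), b.check()]        # nothing is held yet
    log += [a.enable(), b.enable()]     # A becomes active, B is refused
    log.append(b.check())               # B's fresh check waits while A is active
    a.disable()
    log += [b.check(), b.enable()]
    return log, m.violated()


def rollback():
    # A passes through two modules; the second refuses because C is active.
    m1, m2 = ConstraintModule({"A", "B"}), ConstraintModule({"A", "C"})
    a, b, c = (Link(n, [m1, m2]) for n in "ABC")
    c.enable()
    result = a.enable()
    return result, m1.state["A"], b.check()


if __name__ == "__main__":
    print(race())
    print(rollback())
```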

Conflict Module 

The conflict module has a number of incident-emergent double link
pairs. The conflict module allows only one of the emergent links to be
in enabled condition at a time. If more than one of the incident links
send enable signals to the module, it arbitrarily allows only one of
the enable signals to proceed to the corresponding emergent link and
blocks the other enable signals. In this case the module is said to
be engaged by that link, and as long as the module is engaged by that
link, it blocks enable signals received on the other links. The P-net
specification of the conflict module is given in figure 4.24.

The disable signal on a link instructs the module to acknowledge
the enable signal even if it is blocked. If the disable signal is on
the link which has engaged the module, the module is released so that
it may be engaged by some other link which might be waiting to engage
the module.

The conflict module is also a composite module. It can be
constructed from elementary modules in the manner presented in
reference [14].

Junction Module 

The junction module forms a conjunctive fan-in of simple links.
Upon receiving enable signals on both incident links, it sends an
enable signal on the emergent link and waits for an acknowledge signal,
and when the acknowledge signal is received it acknowledges the enable
signals on the incident links. The P-net specification of the
junction module is shown in figure 4.25.

i-module

The i-module, initialization module, has three links: two single
links and one double link (figure 4.26). The coordination structures
use i-modules in their initialization structures (figure 4.33). Link 0
of an i-module goes to the constraint structure, link 2 goes to the
places to be initialized and link 1 goes to a junction module
(figure 4.33).

To establish the initial constraints, the i-module sends an enable 
signal to the constraint structure on link 0. When this enable signal 
is acknowledged, it sends a ready signal to the junction module to 
indicate that the constraints associated with that i-module have been 
established. When all i-modules in the initialization structure
send ready signals to the junction module, the junction module
acknowledges all signals to indicate that the i-modules may proceed to
initialize the places by sending ready signals on link 2 of the modules.
On receiving acknowledgement for the ready signal on link 2, the 
module relinquishes its hold on the constraints by sending a disable 
signal to the constraint structure.

Composite Modules 

Unlike the elementary modules which have a predetermined number 
of links, the composite modules have an arbitrary but finite number 
of links. The composite modules are constructed from the elementary 
modules by connecting a number of elementary modules (figure 4.27). 

4.10 Hardware Implementation of the Modules 

This thesis does not go into hardware implementation of the 
modules specified in this chapter, but a discussion on this topic is 
given in Appendix I. Even though the modules communicate with each 
other asynchronously, they can be synchronous internally. In this type 
of design, the inputs of the module are sampled at regular intervals, 
and on the outcome of sampling, the new outputs are produced using a 
combinational circuit. Modules designed this way are slow in operation. 
The author believes that a neat implementation of these modules in
terms of elementary building blocks, called micro-modules, can be
worked out (see Appendix I and reference 15). Micro-modules are
elementary circuits for performing logical operations on signals where
signals are represented by changes in levels of wires rather than the
levels themselves.

4.11 Coordination Structures 

The substructures of coordination structures were briefly described 
in section 4.3. A detailed description of the structures and a method
for obtaining them from the nets are presented in this section. 

It should be recalled that the precedence structure implements
precedence among events making sure that an event does not occur until
those events which should precede it have indeed occurred, the constraint
structure ensures that the constraints are not violated, the conflict 
structure resolves conflicts among transitions if and when they arise, 
and the initialization structure establishes the initial condition in 
the precedence and constraint structures to correspond to the initial 
condition of the net. 



Precedence Structure 

A precedence structure is obtained from the coordination net by 
substituting modular structures called place structures and transition 
structures for the places and transitions in the net (figures 4.28, 4.29
and 4.30).

In the place structure the P-module is identified with the place 
in the coordination net. The IP and EP modules accommodate multiple fan-in
and fan-out of the incident and emergent links. A place structure
has an incident link from the initialization structure if the associat- 
ed place has an initial stone. The other links incident on a place 
structure come from transitions for which that place is an output place. 
The links emergent from a place structure go to the transitions for 
which that place is an input place. Thus the links other than the one
from the initialization structure correspond to arcs in the net. In a
transition structure (figure 4.29), the T-module is identified with a
transition in the coordination net, and associated IP and EP modules
accommodate multiple fan-in and fan-out of the incident and emergent
links. If the transition is an input transition, it has an incident 
link from the external world which is first converted into a triple link 
before it is made incident on the IT-module as the incident links of 
the IT-modules must be triple links. If the transition is an output 
transition, link 3 of the T-module goes to the external world, other- 
wise it is terminated by a sink module. Links 1 and 2 of the T-module 
go to the constraint and conflict structures respectively. The links 
incident on the structure, other than the link from the external world, 
come from the place structures corresponding to the input places of the 
transition, and the emergent links go to the structures corresponding 
to output places of the transition. 

Constraint Structure 

The constraint structure has a mixed-triple link associated with 
each class of constraint equivalent places which participate in con- 
straints; the mixed-triple links originate at R-modules and pass through 
a set of constraint modules before they are terminated by sink modules 
(figure 4.31). The IR-modules in the structure accommodate multiple
fan-in of incident links on the R-modules which come from transition
structures in the precedence structure and initialization modules in
the initialization structure. The link from a transition structure
goes to the R-module associated with the equivalence class of places 
to which the output places of the transition belong (note that the 
output places of a transition belong to the same equivalence class 
because the nets have been transformed into homogeneous nets). The 
mixed-triple link emergent from the R-module passes through a set of 
constraint modules which are associated with the constraints in which 
the equivalent class of places associated with the link are involved.
The constraint modules correspond to the members in the reduced con- 
straint set RP(Ct) derived from the constraint set Ct (see Chapter 3). 
Each member of RP(Ct) denotes a set of equivalence classes of places 
which should not be active at the same time. The operation of the 
constraint structure is explained in the next section. 

Conflict Structure 

The conflict modules in the conflict structure are associated 
with the members in the set of conflict clusters (figure 4.32). It 
should be recalled that a cluster consists of a maximal set of transi- 
tions which mutually conflict. The input link associated with a tran- 
sition goes through the constraint modules associated with the clusters 
which involve that transition. After the last conflict module the 
links are terminated by sink modules. The links associated with tran- 
sitions which do not conflict with any transition are directly termina- 
ted by sink modules. 

Initialization Structure

The initialization structure has k + 1 initialization modules
corresponding to the k + 1 constraint equivalence classes of places in
B, the set of places which have stones initially (figure 4.33).
Link 1 of the initialization modules, except that of the module i Q , go 
to the R-modules in the constraint structure associated with the 
corresponding equivalent classes of places. Link 1 of the initializa- 
tion module _i n is terminated by a sink module because this module 
corresponds to the places in P n , the set of places which do not 
take part in the constraints. Link 2 of the initialization modules 
go to a junction module which is terminated by a sink module, and link 
3 of the modules go to the places associated with them. The function 
of the junction module is to prevent the initialization module from 
putting stones in the places before initialization of the constraint 
structure has been completed. 

4.12 Operation of Coordination Structures 

The operation of coordination structures was briefly described 
earlier in this chapter. In this section a more complete description 
of the operation is presented. 

The functions performed by the parts of the coordination struc- 
tures are as follows: the precedence structure implements the prece- 
dence relationship among the events, the constraint structure enforces 
the constraints, the conflict structure resolves conflicts among tran- 
sitions and the initialization structure sets up the initial condition 
of the structure.

In the precedence structure, a ready signal on a link incident 
on a place structure corresponds to a stone. The ready signal reaches 
the P-module in the structure through the IP-module. Upon receiving 
the ready signal, the P-module sends enable signals to the transitions 
to inform them of the arrival of the stone, and depending on which 
transition acknowledges the enable signal first, the place structure 
sends a stone signal to that transition and disable signals to others. 
The stone signal is not sent until the disable signals have been ack- 
nowledged by the transitions that are disabled. It seems that the 
signals from the transition acknowledging the enable signals are in a 
race to claim the stone at the place, but this is not so because in 
the case of a conflict the conflict structure permits only one of the 
transitions to acknowledge the enable signal, and prevents others from 
acknowledging the enable signal until they are disabled. 

In the transition structure, the IT-module sends an enable signal 
to the T-module only when it receives enable signals on all incident 
links, that is when all input places of the transition indicate that 
they have stones. On receiving an enable signal from the IT-module, 
the T-module sends a request to the constraint structure by sending an 
enable signal on link 1. If the output places of the transition do not 
take part in constraints, this link is terminated by a sink module, 
and the enable signal is immediately acknowledged, that is the tran- 
sition immediately gets permission from the constraint structure. If 
the output places of the transition take part in constraints, the 
constraint structure withholds acknowledgement of the enable signal 
until the output places of the transition can be admitted to the set of 
active places without violating the constraints, or until it receives 
a disable signal from the transition indicating that the transition 
is being disabled. 

On receiving permission from the constraint structure, the T-module 
sends a request to the conflict structure by sending an enable signal on 
link 2. If conflicting transitions send requests to the conflict 
structure, the conflict structure gives permission to only one of them 
by acknowledging the enable signal; acknowledgement of the enable signals 
from other conflicting transitions is withheld until they are disabled. 
In granting permission to a transition the conflict structure blockades 
the transitions in conflict with the transition, i.e., requests from 
those transitions will be blocked if and when they are made. On receiv- 
ing permission from the conflict structure, the T-module acknowledges 
the enable signal on link 0. This acknowledge signal reaches all inci- 
dent places of the transition through the IT-module. Thus the transi- 
tion that is given permission by the conflict structure is able to 
claim the stones at its input places as these acknowledgement signals 
are guaranteed to be the first to arrive at the places because the 
other transitions are blockaded in the conflict structure. When the 
stone at a place is claimed by a transition, the place structure sends 
disable signals to the other transitions for which the place is an input 
place in order to disable them. When all of these transitions are disabled, 
that is the transition structure and the parts of the constraint 
and the conflict structures which are associated with these transitions 
are disabled, the place sends a stone signal to the transition which 
claimed the stone. 

On receiving stone signals from all input places, the IT-module 
sends a stone signal to the T-module. The T-module then terminates the 
blockade set up in the conflict structure on its behalf by sending a 
disable signal, and initiates the transition by sending a ready signal 
on link 3. If the transition is an output transition, this signal goes 
to the external world, otherwise it is immediately acknowledged by a 
sink module. In case the transition is an output transition, the ready 
signal is acknowledged by the external world when the associated event 
has occurred. Upon receiving the acknowledge signal, the T-module 
terminates the transition by acknowledging the stone signal on link 0 and 
sending a ready signal to the ET-module on link 4. The ET-module then 
sends ready signals to the output places of the transition. These 
ready signals correspond to stones. 

The ready signal, representing a stone, sent to a place by the 
transition structure is acknowledged when the stone is picked up by some 
other transition. The ET-module returns an acknowledge signal to the 
T-module when it receives acknowledge signals from all output places of 
the transition. The T-module then disables the part of constraint struc- 
ture associated with it and the action is completed. It should be 
noticed that the conflict structure is used to prevent conflicting 
transitions from claiming stones when a transition is given permission 
to initiate, and the constraint structure keeps the constraints associated 
with the output places of the transition in force until all stones 
put out by the transition are picked by some other transitions. Moreover 
a transition which sends a request to the conflict structure either 
promptly gets permission or is promptly disabled by a conflicting 
transition. Therefore a transition is never blocked indefinitely in the 
conflict structure. The constraint structure however blocks a transition 
for as long as its output places cannot be added to the set of 
active places without violating the constraints. 

The details of operation of the constraint structure are given 
below. A transition (and an initialization module) requests permission 
from the constraint structure by sending an enable signal to 
the constraint structure. Upon receiving the request the constraint 
structure tries to bring into force the constraints associated with the 
output places of the transition, and answers the enable signal only 
when the constraints are brought into force unless the request is cancelled 
by a disable signal in the meantime. If the emergent link of the 
IR-module on which the link is incident is already in active condition 
(i.e. the enable signal has been acknowledged but a disable signal has 
not been received) the constraints are already in force, and the IR-module 
immediately acknowledges the enable signal. If the constraints 
are not in force, the IR-module sends an enable signal to the R-module 
unless it has already done so on account of some other incident link. 
The task of the R-module is to try to bring into force the associated 
constraints by sending appropriate signals to the constraint modules 
on the emergent mixed-triple link (figures 4.32 and 4.34). 



[Figure 4.34 Coordination Structure, showing the precedence, initialization, constraint and conflict structures]

On receiving an enable signal, the R-module sends a check signal, 
a ready signal on the check sublink, on the mixed-triple link to deter- 
mine if it should send an enable signal. A constraint module which is 
saturated, meaning all but one of whose mixed-triple links are active, 
blocks the check signal until it becomes unsaturated. When the check 
signal reaches the sink module it is acknowledged by a positive ack- 
nowledge signal. This signal travels back to the R-module, but if in 
passing through the conflict modules it encounters a saturated module, 
it is changed to a negative acknowledge signal. Thus the R-module may 
receive either a positive or a negative acknowledge signal in response 
to the check signal. In case of a negative acknowledge signal, the 
R-module sends a new check signal after completing the communication 
cycle, that is after completing a cycle on the disable sublink. In case 
of a positive acknowledge signal, the module sends an enable signal after 
completing the communication cycle. Since the condition of the constraint 
modules connected with the link is checked to be unsaturated just before 
the enable signal is sent, the enable signal is likely to reach the 
sink module unobstructed where it is acknowledged positively, but if 
the enable signal encounters a saturated constraint module, it is 
immediately acknowledged negatively by the module and the R-module has 
to start all over again by sending a check signal. In case the enable 
signal is acknowledged positively, the R-module acknowledges the enable 
signal on the incident link to inform the IR-module that the constraints 
have been brought into force. The IR-module then acknowledges the enable 
signals on the incident links which are waiting to be acknowledged. 

On receiving a disable signal on an incident link, the IR-module 
immediately acknowledges the enable and disable signals on the link if 
the constraints are in force on account of the other incident link as 
well. If the other incident link is either idle or is in disabled condi- 
tion, that is it does not need the constraints, the module sends a disable 
signal to the R-module unless it has done so already (on account of a 
disable signal on the other incident link). On receiving the disable 
signal, the R-module immediately proceeds to complete the communication 
cycle on the emergent mixed-triple link by sending a disable signal. The 
disable signal causes the constraint modules to immediately acknowledge 
the signals. The R-module then acknowledges the signals waiting to be 
acknowledged on the incident links on which disable signals were received. 

Thus on receiving a disable signal on an incident link, the con- 
straint structure relinquishes the claim of that link on the associated 
constraints, and when no incident link associated with an R-module has 
claim on the constraints, the constraints are lifted. 
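
The check-then-enable cycle and the bookkeeping of claims described above can be traced in a few lines of Python. This is an added example, not part of the original text; the class and method names are assumptions, synchronous calls stand in for the signals, and a `False` result stands for a request that is still waiting to be acknowledged.

```python
class ConstraintModule:
    """One constraint: its mixed-triple links must never all be active together."""

    def __init__(self, links):
        self.links = frozenset(links)
        self.active = set()

    def saturated(self):
        # Saturated means all but one of the links are active.
        return len(self.active) >= len(self.links) - 1


class RModule:
    """R-module with the IR-module's record of claims folded in (an assumption)."""

    def __init__(self, name, modules):
        self.name = name
        self.modules = list(modules)   # constraint modules on the emergent link
        self.claims = set()            # incident links whose enable was acknowledged
        self.in_force = False

    def check(self):
        """Check signal: answered positively only if no module is saturated."""
        return not any(m.saturated() for m in self.modules)

    def enable(self):
        """Enable signal: a saturated module acknowledges negatively at once."""
        passed = []
        for m in self.modules:
            if m.saturated():
                for p in passed:       # the disable cycle withdraws the partial enable
                    p.active.discard(self.name)
                return False
            m.active.add(self.name)
            passed.append(m)
        return True

    def request(self, link, interleave=None):
        """Enable signal on an incident link; True once it is acknowledged."""
        if self.in_force:              # constraints already in force
            self.claims.add(link)
            return True
        if not self.check():
            return False
        if interleave:                 # lets a caller act between check and enable
            interleave()
        if not self.enable():
            return False               # start over with a new check signal
        self.in_force = True
        self.claims.add(link)
        return True

    def release(self, link):
        """Disable signal on an incident link; the last claim lifts the constraints."""
        self.claims.discard(link)
        if self.in_force and not self.claims:
            for m in self.modules:
                m.active.discard(self.name)
            self.in_force = False
```

The `interleave` hook exists only to reproduce the case in which a module becomes saturated after a positive check, so that the enable signal is acknowledged negatively.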

The conflict structure has a set of conflict modules, one for each 
conflict cluster (figure 4.32). Thus transitions that mutually conflict 
have at least one conflict module in common. If a conflict module 
is idle and an enable signal is received on an incident link, the module 
allows the enable signal to pass through it and becomes engaged to that 
link. If more than one incident link sends an enable signal to a conflict 
module at the same time, the link which engages the module is arbitrarily 
selected by the module. The module remains engaged to that link until 
a disable signal is received on the link, at which time the module becomes 
free to be engaged once again. Enable signals sent to an engaged conflict 
module are blocked by the module. Thus in giving permission to a transi- 
tion, the conflict structure blockades the conflicting transitions in 
that any requests from them are blocked. It should be recalled that a 
transition which is given permission by the conflict structure disables the 
conflicting transitions by claiming its input stones. Thus a transition 
which sends a request to the conflict structure either gets permission 
promptly or is promptly disabled by a conflicting transition. 

The initialization structure first initiates the constraint struc- 
ture by sending enable signals to the constraint structure. The con- 
straint structure then brings into force the constraints associated with 
the places having stones initially and acknowledges the enable signals. 
As the initialization modules receive the acknowledge signals, they send 
ready signals to the junction module. The junction module acknowledges 
these signals when it receives signals from all initialization modules. 
Thus the junction module ensures that the initialization modules do not 
begin the action of placing stones in places before constraints associated 
with all places having initial stones are established in the constraint 
structure. On receiving acknowledge signals from the junction module, 
the initialization module sends stones to the places in the set B by 
sending ready signals to the corresponding place structure. The simulation 
of the coordination structure begins as soon as stones are placed in places. 

Simulation of the coordination net continues with initiations and 
terminations of transitions until a condition is reached when none of 
the idle transitions can be initiated until an input is received from 
the external world. In this case the simulation of the net awaits the 
input signal, and when the input signal is received, the simulation 
continues once again with initiations and terminations of transitions. 

The next chapter gives an informal proof of correctness of operation 
of coordination structures, and may be skipped without loss of 
continuity. 



CHAPTER 5 
CORRECTNESS OF COORDINATION STRUCTURES 



5.1 Introduction 

This chapter is devoted to proving that the coordination structures 
implement the coordination nets correctly. Before the proofs are 
undertaken, a formalism for giving a precise meaning to correctness of 
coordination structures and for use in the proofs is introduced below. 

5.2 Initiation-termination Histories of the Coordination Nets 

Initiation and termination of transitions was explained earlier in 
Chapter 2. Initiation and termination of input conditions and events 
is explained as follows. An input condition is said to initiate the 
moment the external world indicates to the net that the input condition 
has been attained, and the input condition is said to terminate when the 
net signals the external world that the input condition has been recorded. 
Initiation and termination of events correspond to their initiation 
and termination in the external world. Initiation-termination history of 
any one of these entities, as for example a transition, is a sequence of 
initiations and terminations of that transition. The first element in 
the sequence is an initiation, and the initiations and terminations 
alternate. The initiations and terminations of a transition $t_i$ are 
denoted by $t_i'$ and $t_i''$, those of an input condition $c_j$ by $c_j'$ and 
$c_j''$, and those of an event $e_k$ by $e_k'$ and $e_k''$ respectively. Thus the 
initiation-termination histories of a transition $t_i$ are members of the 
set of strings $(t_i' t_i'')^* (t_i' + \lambda)$. An initiation-termination history 
of a net is an ordered set of strings denoting histories of the transitions, 
input conditions and events associated with the net (figure 5.1). 
A history is reached through a succession of time slices (figure 5.1). 
The history up to a time slice $T$ (i.e. at time $T$) is denoted 
by $H^T$. A slice $T_2$ is said to be a successor to slice $T_1$ if the 
individual strings in $H^{T_2}$ are equal to or longer than the corresponding 
strings in $H^{T_1}$ by at most one unit and there is at least one 
string in $H^{T_2}$ that is longer than the corresponding string in $H^{T_1}$. 



Terminology 

$AT^T$ denotes the set of transitions active at time slice $T$. Thus 
the set $AT^T$ consists of those transitions whose initiation-termination 
histories in $H^T$ are of the form $(t' t'')^* t'$, and it is given by 
$AT(H^T)$. $B^T$ denotes the set of places having stones at time slice $T$. 
$B^T$ is also referred to as the stone distribution at time $T$, and can 
be determined from C and $H^T$ in the following manner. The difference 
between the number of stones at a place at time $T$ and the initial 
condition is equal to the difference in the number of terminations of 
transitions for which that place is an output place and the number of 
terminations of transitions for which the place is an input place. From 
C, the specification of the net, one knows which transitions have the 
place as an input and which have the place as an output place, and from 
$H^T$ one knows the number of initiations and terminations of these 
transitions until time slice $T$. Thus $B^T$ is given by a function $B(C, H^T)$. 

$B_c^T$ is the set of places with stones whose stones have been claimed 
but have not been removed. In other words $B_c^T$ is the set of places 
which are input places of active transitions. Thus 
$B_c^T = I(t_1) \cup \cdots \cup I(t_k)$ where $AT^T = \{t_1, \ldots, t_k\}$. 
$B_u^T = B^T - B_c^T$ is the set of places with unclaimed stones. 
The sets $B_c^T$ and $B_u^T$ are denoted by $B_c(C, H^T)$ 
and $B_u(C, H^T)$ respectively. 

An input condition is said to be active during the time interval 
between its initiation and termination. $AC^T$ represents the set of 
active input conditions. An active input condition is said to be in 
condition active-$\alpha$ prior to the termination of the input transition 
associated with it, and in condition active-$\beta$ after the termination of 
that transition. $AC_\alpha^T$ and $AC_\beta^T$ represent the set of input conditions 
which are active-$\alpha$ and active-$\beta$ respectively. These sets are given 
by $AC_\alpha(H^T)$ and $AC_\beta(H^T)$. An input-condition is said to be inactive 
when it is not active. $IC^T$ represents the set of inactive input conditions. 
This set is given by the function $IC(H^T)$. 

Definition 5.1 The set $\{a_1, \ldots, a_n\}$ is said to be an occurrence set if 
$a_1, \ldots, a_n$ are initiations and terminations of distinct transitions, 
input conditions and events. $H[x_1 x_2 \ldots x_n]$, where $x_1, \ldots, x_n$ are 
occurrence sets, represents the history $H \cdot x_1 \cdot x_2 \cdots x_n$ where $H$ is the 
null history. 

Definition 5.2 The feasible initiation-termination histories of a 
coordination net C are defined as follows: 

1. A null history is a feasible history. 
   For a null history $B_u = B$, $IC = Ci$, $IE_\alpha = E$ and the 
   other sets are empty. 

2. If $H^T$ is a feasible history then 
   i) $H^T \cdot t_i'$ is a feasible history if 
      (a) $I(t_i) \subset B_u^T$ 
      (b) $A(AP^T \cup O(t_i), Ct)$ is true 
      and 
      (c) $ic(t_i) \in AC_\alpha^T$ where interpretation $I = \langle ie, ic \rangle$ 
          (see section 2.6) 
   ii) $H^T \cdot t_i''$ is a feasible history if 
      (a) $t_i \in AT^T$ 
      and 
      (b) $ie(t_i) \in IE_\alpha^T$ 
   iii) $H^T \cdot c_j'$ is feasible if $c_j \in IC^T$ 
   iv) $H^T \cdot c_j''$ is feasible if $c_j \in AC_\beta^T$ 
   v) $H^T \cdot e_k'$ is feasible if $e_k \in IE_\beta^T$ 
   vi) $H^T \cdot e_k''$ is feasible if $e_k \in AE^T$ 

Changes in membership of these sets are given in table 5.1. 

[Table 5.1 Changes in membership of the sets (among them AT, IC, $AC_\alpha$, $AC_\beta$, IE and AE) with initiations and terminations]
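
The rules of definition 5.2 can be exercised mechanically by advancing a history one occurrence at a time. The Python below is an added example, not part of the original text. The names `Net`, `History`, `replay` and `sample_net`, the sample net, the way the set AP of active places is computed, and the set updates (inferred from the terminology and the rules above) are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet


@dataclass(frozen=True)
class Net:
    inputs: Dict[str, FrozenSet[str]]    # I(t): input places of each transition
    outputs: Dict[str, FrozenSet[str]]   # O(t): output places of each transition
    initial: FrozenSet[str]              # places holding a stone initially
    ic: Dict[str, str]                   # input transition -> its input condition
    ie: Dict[str, str]                   # output transition -> its event
    admissible: Callable[[FrozenSet[str]], bool]   # the constraints as a predicate


class History:
    """The sets determined by a feasible history, advanced one occurrence at a time."""

    def __init__(self, net: Net):
        self.net = net
        self.Bu, self.Bc, self.AT = set(net.initial), set(), set()
        self.IC, self.ACa, self.ACb = set(net.ic.values()), set(), set()
        self.IEa, self.IEb, self.AE = set(net.ie.values()), set(), set()
        self.occurrences = []

    def active_places(self) -> FrozenSet[str]:
        # ASSUMPTION: AP = places holding stones + output places of active transitions.
        ap = self.Bu | self.Bc
        for t in self.AT:
            ap |= self.net.outputs[t]
        return frozenset(ap)

    def feasible(self, kind: str, x: str) -> bool:
        n = self.net
        if kind == "t'":     # rule i: unclaimed stones, constraints, input condition
            return (n.inputs[x] <= self.Bu
                    and n.admissible(self.active_places() | n.outputs[x])
                    and (x not in n.ic or n.ic[x] in self.ACa))
        if kind == "t''":    # rule ii: transition active, its event (if any) is over
            return x in self.AT and (x not in n.ie or n.ie[x] in self.IEa)
        owner = {"c'": self.IC, "c''": self.ACb, "e'": self.IEb, "e''": self.AE}
        return x in owner[kind]          # rules iii to vi

    def advance(self, kind: str, x: str) -> None:
        if not self.feasible(kind, x):
            raise ValueError(f"{kind} of {x} is not feasible")
        n = self.net
        if kind == "t'":
            self.Bu -= n.inputs[x]
            self.Bc |= n.inputs[x]
            self.AT.add(x)
            if x in n.ie:                # the event may now be initiated
                self.IEa.discard(n.ie[x])
                self.IEb.add(n.ie[x])
        elif kind == "t''":
            self.Bc -= n.inputs[x]
            self.Bu |= n.outputs[x]
            self.AT.discard(x)
            if x in n.ic:                # the input condition may now be acknowledged
                self.ACa.discard(n.ic[x])
                self.ACb.add(n.ic[x])
        else:
            src, dst = {"c'": (self.IC, self.ACa), "c''": (self.ACb, self.IC),
                        "e'": (self.IEb, self.AE), "e''": (self.AE, self.IEa)}[kind]
            src.discard(x)
            dst.add(x)
        self.occurrences.append((kind, x))


def replay(net: Net, occurrences):
    """Advance a null history; return it with the index of the first
    infeasible occurrence (None when every occurrence was feasible)."""
    h = History(net)
    for i, (kind, x) in enumerate(occurrences):
        if not h.feasible(kind, x):
            return h, i
        h.advance(kind, x)
    return h, None


def sample_net() -> Net:
    # Constructed net: two processes; places crit1 and crit2 must not both be active.
    fs = frozenset
    return Net(
        inputs={"enter1": fs({"idle1"}), "leave1": fs({"crit1"}),
                "enter2": fs({"idle2"}), "leave2": fs({"crit2"})},
        outputs={"enter1": fs({"crit1"}), "leave1": fs({"idle1"}),
                 "enter2": fs({"crit2"}), "leave2": fs({"idle2"})},
        initial=fs({"idle1", "idle2"}),
        ic={"enter1": "req1"},           # enter1 is an input transition
        ie={"leave1": "done1"},          # leave1 is an output transition
        admissible=lambda ap: not {"crit1", "crit2"} <= ap,
    )
```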

Definition 5.3 If $H^{T'} = H^T \cdot x$ where $H^T$ is a feasible history and 
$x = \{t_i', \ldots, t_j', t_k'', \ldots, t_l'', c_m', \ldots, c_n', c_o'', \ldots, c_p'', e_q', \ldots, e_r', e_s'', \ldots, e_t''\}$ is 
an occurrence set then $H^{T'}$ is adjacent to $H^T$ if 

i)   (a) $I(t_i), \ldots, I(t_j)$ are disjoint and $I(t_i) \cup \cdots \cup I(t_j) \subset B_u^T$ 
     (b) $A(AP^T \cup O(t_i) \cup \cdots \cup O(t_j), Ct)$ is true 
     (c) $\{ic(t_i), \ldots, ic(t_j)\} \subset AC_\alpha^T$ 

ii)  (a) $\{t_k, \ldots, t_l\} \subset AT^T$ 
     (b) $\{ie(t_k), \ldots, ie(t_l)\} \subset IE_\alpha^T$ 

iii) $\{c_m, \ldots, c_n\} \subset IC^T$ 

iv)  $\{c_o, \ldots, c_p\} \subset AC_\beta^T$ 

v)   $\{e_q, \ldots, e_r\} \subset IE_\beta^T$ 

vi)  $\{e_s, \ldots, e_t\} \subset AE^T$ 

Definition 5.4 An occurrence sequence $X = x_1 x_2 \ldots x_n$ is a sequence 
of occurrence sets. 

Definition 5.5 The simulation sequences of a coordination net C are 
recursively defined as follows: 

i) a null occurrence sequence is a simulation sequence 
ii) if the occurrence sequence $X_{n-1} = x_1 x_2 \ldots x_{n-1}$ is a simulation 
sequence of a net and $H[X_n]$, where $X_n = X_{n-1} x_n$, is 
a feasible initiation-termination history of the net adjacent 
to the history $H[X_{n-1}]$ then $X_n$ is a simulation sequence of 
the net. 

Definition 5.6 A simulation sequence X of a coordination net C is 
said to be a complete sequence if the initiation-termination history 
H[X] cannot be advanced by rules i and iv of definition 5.2; the 
simulation sequence is complete as regards initiations of transitions 
and terminations of input conditions. (A simulation sequence that is 
not complete is referred to as an incomplete simulation sequence.) 

Definition 5.7 A simulation sequence X (and the associated 
initiation-termination history H[X]) of a coordination net C is said 
to be a terminal simulation sequence (history) if the initiation-termination 
history H[X] cannot be advanced by rules i, ii and iv of 
definition 5.2; that is, the simulation sequence is complete as regards 
initiation of transition, termination of input condition and termina- 
tion of transitions. 

The simulation of a coordination net consists in advancing a simu- 
lation sequence for the net by advancing the initiation-termination his- 
tory. Simulation of net is assumed to have the two properties described 
below. 

Property i) The simulation is active; that is if a simulation sequence 
$X^T$ ($T$ refers to the time slice) is not a terminal sequence, 
then the simulation advances the simulation sequence by 
advancing the initiation-termination history. 

Property ii) The simulation is attentive; that is if termination of 
transitions is suspended (i.e. rule ii in the definition 
5.2 is suspended) following any simulation sequence $X^T$, 
the simulation leads to a simulation sequence $X$ that 
is complete (see definition 5.6). 

The properties above essentially state that the simulator, the 
agent simulating the net, does not sit idle. A (hardware) structure 
implementing a coordination net that has these properties will be said 
to be deadlock free. 

5.3 Signal Histories of the Coordination Structures 

It should be recalled that signals on simple links are drawn from 
the alphabet {r, a}, where r is a ready signal and a is an acknowledge 
signal, and that a ready signal is carried in the direction 
of the link while an acknowledge signal is carried in the opposite 
direction. Since the first signal on a link must be a ready signal 
and since the ready and acknowledge signals alternate, the sequences 
of signals on a simple link are members of the set of strings 
$(ra)^*(\lambda + r)$ where * is the Kleene star. The sequence of signals on 
a link until time $T$, that is time slice $T$, is said to be the 
signal history of the link at time $T$. 
Similarly the signal history of a port is the sequence of signals at 
the port until time slice $T$. 

The signal history (or the total history) of a coordination struc- 
ture at a time T is an ordered set consisting of the signal histories 
at the head of the links incident on the structure, at the tail of the 
links at port 3 of the T-modules in the structure and at the head of 
the emergent links (figure 5.2). Signals on the incident links correspond 
to initiation and termination of input-conditions, signals 
at port 3 of the T-modules correspond to initiation and termination 
of transitions, and signals at the head of the emergent links correspond 
to initiation and termination of events. The signal history of 
a coordination net at time slice $T$ is denoted by $H^T$. 

The structure produces a signal history through a succession of 
time slices. The time slices are associated with epochs, i.e. steps 
in the progress of time viewed in terms of the occurrence of the signals. 
A time slice $T_j$ is said to be a successor (i.e. an immediate 
successor) of a time slice $T_i$ if between the time slice $T_i$ and the 
time slice $T_j$ there is an occurrence of at most one signal on each 
link (each row in the history - see figure 5.2). The signals between 
the two successive slices are coincident. If the signals are subscripted 
to indicate which transitions, input-conditions or events they 
are associated with, e.g., $r_i$ indicates that the ready signal is 
associated with transition $t_i$, a signal occurrence set can be defined 
as a set of signals associated with distinct entities (transitions, 
input-conditions and events). A signal occurrence sequence is a 
sequence of signal occurrence sets (see definitions 5.1 and 5.4). 

[Figure 5.2 Total Signal History H: one row each for the signals at port 3 of the T-modules, at the head of the links incident on the structure and at the head of the links emergent from the structure, cut by time slices]

If $\sigma = T(1)\, T(2) \ldots T$ is a sequence of successive slices (where 
slice T(1) is a successor to the initial slice T(0)) for the signal 
history $H^T$, then the signal occurrence sequence $X = x_1 x_2 \ldots x_n$, 
where $x_j$ is the set of occurrences of signals between slices T(j-1) 
and T(j), is said to correspond to the signal history $H^T$ for the 
sequence of successive slices $\sigma$, and is denoted by $X(H^T, \sigma)$. 

If a structure produces signal history $H^T$ through a succession 
of time slices $\sigma = T(1)\, T(2) \ldots T$, then the signal occurrence sequence 
$X(H^T, \sigma)$ is said to be a simulation sequence of the structure. 



5.4 Representative Histories and Occurrence Sequences 

A representative initiation-termination history for a signal history 
is obtained by substituting initiations and terminations of transitions, 
input-conditions and events for the signals in the history in the following 
manner: i) in the signal history corresponding to port 3 of the 
T-module associated with transition $t_i$, ready signals are replaced 
by $t_i'$ and acknowledge signals by $t_i''$, ii) in the signal history 
corresponding to incident link $j$, ready signals are replaced by 
$c_j'$ and acknowledge signals by $c_j''$, and iii) in the signal history 
corresponding to an emergent link $k$, ready signals are replaced by 
$e_k'$ and acknowledge signals by $e_k''$. Figure 5.3 shows the representative 
initiation-termination history corresponding to the signal history 
of figure 5.2. The representative history of a signal history $H^T$ 
is denoted by $H(H^T)$. 

In a similar manner a representative occurrence sequence for a 
signal occurrence sequence is obtained by substituting initiation and 
termination of associated transitions, input-conditions and events for 
the signals in the occurrence sets of the signal occurrence sequence; 
a signal $r_i$ is substituted by $t_i'$. The representative occurrence 
sequence for a signal occurrence sequence $X$ is denoted by $X(X)$. 
Similarly the representative occurrence sequence for a signal history 
$H^T$ reached through a sequence of time slices $\sigma = T(1)\, T(2) \ldots T$, 
which is $X(X(H^T, \sigma))$, is denoted by $X(H^T, \sigma)$. 

A simulation sequence $X$ of a coordination net C and the 
simulation sequence $X$ of the coordination structure that implements 
the net, correspond to each other if $X$ and $X(X)$ are the same. 

[Figure 5.3 The Representative Initiation-termination History Corresponding to the Signal History of Figure 5.2]

A simulation sequence X of a coordination structure is said to 
be a terminal simulation sequence if X(X) is a terminal simulation 
sequence of the net that the structure implements; X is said to be 
complete if X(X) is complete. 
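
Sections 5.3 and 5.4 can be followed on a small constructed signal history. The Python below is an added example, not part of the original text: it checks each row against the set of strings allowed on a simple link, substitutes initiations and terminations for the signals, and derives the representative occurrence sets between successive slices. The row kinds `port3`, `incident` and `emergent`, the function names and the sample slices are assumptions; the code checks only that slices are successors, not that the resulting history is feasible.

```python
import re

# A simple link carries ready (r) and acknowledge (a) alternately, ready first.
LINK_LANGUAGE = re.compile(r"(?:ra)*r?")
LETTER = {"port3": "t", "incident": "c", "emergent": "e"}   # row kind -> entity


def representative(kind, index, signals):
    """Replace r by an initiation (') and a by a termination ('') for one row."""
    if not LINK_LANGUAGE.fullmatch(signals):
        raise ValueError(f"{signals!r} is not a signal history of a simple link")
    name = f"{LETTER[kind]}{index}"
    return [name + ("'" if s == "r" else "''") for s in signals]


def representative_history(signal_history):
    """signal_history maps (kind, index) to a string over {r, a}."""
    return {row: representative(row[0], row[1], sigs)
            for row, sigs in signal_history.items()}


def active_transitions(signal_history):
    """Transitions whose port 3 link is active, i.e. whose history ends in r."""
    return {f"t{i}" for (kind, i), sigs in signal_history.items()
            if kind == "port3" and LINK_LANGUAGE.fullmatch(sigs)
            and sigs.endswith("r")}


def occurrence_sequence(slices):
    """Representative occurrence sets between successive slices T(0), T(1), ...

    Raises ValueError when a slice is not a successor of the one before it,
    that is when some row was rewritten or gained more than one signal.
    """
    sequence = []
    for prev, cur in zip(slices, slices[1:]):
        occurred = set()
        for row in set(prev) | set(cur):
            old, new = prev.get(row, ""), cur.get(row, "")
            if not new.startswith(old) or len(new) - len(old) > 1:
                raise ValueError(f"row {row}: {old!r} -> {new!r} is not one step")
            if len(new) > len(old):
                occurred.add(representative(row[0], row[1], new)[-1])
        sequence.append(frozenset(occurred))
    return sequence


def slice_of(t1="", t2="", c1="", e1=""):
    """One constructed total signal history: two T-modules, one incident
    link (input condition of t1) and one emergent link (event of t2)."""
    return {("port3", 1): t1, ("port3", 2): t2,
            ("incident", 1): c1, ("emergent", 1): e1}


# Constructed signal histories at the slices T(0) .. T(6).
SLICES = [
    slice_of(),
    slice_of(c1="r"),
    slice_of(t1="r", t2="r", c1="r"),
    slice_of(t1="r", t2="r", c1="r", e1="r"),
    slice_of(t1="r", t2="r", c1="r", e1="ra"),
    slice_of(t1="ra", t2="ra", c1="r", e1="ra"),
    slice_of(t1="ra", t2="ra", c1="ra", e1="ra"),
]
```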

5.5 Statement of Correctness of Coordination Structures 

The coordination structures can be said to implement the coordination 
nets correctly if the theorems given below hold. In theorems 2 and 3, 
the adjective 'promptly' means without undue delays; finite delays, as 
encountered in transmission of signals, are permitted but indefinite 
delays, as in the case the action has to await some input signal, are 
not permitted. 

Theorem 1 Each simulation sequence X of a coordination structure S 
that implements a coordination net C corresponds to some simulation 
sequence of the net. 

Theorem 2 The coordination structures are active; that is, if the 
simulation sequence X produced by a coordination structure until 
time T is not a terminal simulation sequence, the structure (promptly) 
advances the simulation sequence (by producing a signal that advances 
the signal history). 

Theorem 3 The coordination structures are attentive; that is, if 
after a coordination structure has produced a simulation sequence X , 
termination of transitions is suspended, the simulation (promptly) 
reaches a simulation sequence that is complete. 

Theorem 4 Each simulation sequence of a coordination net C corres- 
ponds to some simulation sequence of the coordination structure S 
that implements the net. (This theorem is the converse of theorem 1 above.) 

Theorem 1 above merely states that the coordination structure that 
implements a coordination net does not produce any incorrect signal; 
this does not preclude the structure going into a deadlock and coming 
to a stop even when the simulation is not a terminal simulation. 
Theorem 2 states that the structures are active and theorem 3 states 
that the structures are attentive; structures having these two proper- 
ties can be called deadlock free. Theorem 4 states that the set of 
simulation sequences for the structures does not exclude 
any simulation sequence of the net. Outlines of the proofs of these 
theorems are presented before the proofs themselves in order to facili- 
tate understanding of the proofs. The overview provided by these 
outlines should aid understanding of the role of various lemmas proved 
on the way. 

5.6 Proof of Theorem 1 

Theorem 1 can be restated as follows: If the coordination structure 
S that implements a coordination net C produces a signal 
history $H^T$ through a sequence of successive time slices 
$\sigma = T(1)\, T(2) \ldots T(n) = T$ then for $1 \le j \le n$, $H(H^{T(j)})$ is a feasible 
initiation-termination history of the net and is adjacent to the history 
$H(H^{T(j-1)})$. (For definitions of feasible history and adjacency of 
histories see definitions 5.2 and 5.3.) 

Outline of the Proof 

1. The transitions which are initiated or terminated between 
adjacent time slices of a signal history are disjoint in that they 
do not have any input places in common. 

2. The stone distribution (in coordination net C) corresponding 
to the feasible initiation-termination history $H(H^{T(j-1)})$ has unclaimed 
stones in all the input places of transitions initiated between 
time slices T(j-1) and T(j). 

3. $AP^{T(j-1)} \cup O(T'^{\,T(j-1)-T(j)})$ is admissible, where $T'^{\,T(j-1)-T(j)}$ 
is the set of transitions initiated between time slice T(j-1) and T(j) 
and the function O(T') has as its value the output places of the 
transitions in the set T'. 

4. An input transition is initiated only if it has received an 
input from the external world. 

Steps 1, 2, 3 and 4 show that the occurrence set satisfies con- 
dition (i) in definition 5.3. 

5. Transitions terminated between time slices T(j-1) and T(j) 
are active at time T(j-1), and the terminations come only after the 
associated events, if any, in the external world have occurred. This 
satisfies condition (ii) of definition 5.3. 

6. An input-condition is initiated only if it is inactive, and 
an input-condition is acknowledged only after the associated input 
transition has occurred. 

7. An event is initiated only after the associated transition 
has initiated, and the transition is terminated only after the event 
has occurred. 

Steps 6 and 7 show that the occurrence set satisfies conditions 
(iii), (iv), (v) and (vi) of definition 5.3. 

It should be recalled that a stone cycle on a triple link consists
of a cycle on the enable sublink and a cycle on the stone sublink,
that is, it involves signals e.r, e.a, s.r and s.a on the link
(figure 5.4). The link is said to be stone-active during the time
interval between signals s.r and s.a; in this condition the stone
sublink of the link is active.

Sublemma 5.1 The triple link at port 0 of a T-module is stone-active
when the simple link at port 3 of the module is active; this includes
the moment when the link is turned active and the moment the link is
turned inactive. (A simple link is said to be active during the
interval between a ready signal and the associated acknowledge signal.)

Proof: From the P-net specification of the T-module (figure 4.16) it
can be seen that the signals 0e.r, 0e.a, 0s.r, 3.r, 3.a and 0s.a
are ordered in this sequence. Since signals 3.r and 3.a fall in
between signals 0s.r and 0s.a, the sublemma holds.



Figure 5.4 Stone Cycle and the Stone-active Condition

Sublemma 5.2 If the emergent link of an IT-module is stone-active
then the incident links are also stone-active. 

Proof : The relationships among relevant signals are shown in figure 5.5. 
This figure shows that the sublemma holds. 

■ 

Sublemma 5.3 Only one emergent link of an EP-module can be stone-active
at a time, and when an emergent link is stone-active, the incident link 
is also stone-active. 

Proof : The inter-relationship between relevant signals as obtained from 
the P-net specification of the EP-module is shown in figure 5.6. 
Because of the conflict at place p, only one of the emergent links 
can be stone-active at a time. Moreover, if any of the emergent links 
is stone-active then the incident link is also stone-active. 

■ 

Lemma 5.1 The transitions which are initiated or terminated between
adjacent time slices T(j-1) and T(j) are mutually disjoint from
the transitions which continue to be active through time slices T(j-1)
and T(j). (Two transitions are disjoint when they do not have any
input places in common.)

Proof: As the slices are adjacent, the initiations and terminations
are coincident. That is, the initiations of transitions and
terminations of other transitions occur at the same moment. From
sublemmas 5.1 and 5.2, all triple links between the place structures
and transitions which initiate or terminate between time slice T(j-1)
and T(j) as well as transitions which continue to be active
through the time slices T(j-1) and T(j) are stone-active at
this moment. Therefore, if any of these transitions share an input
place, at least two emergent links of an EP-module in the place
structure will be stone-active at this moment, but this is not
possible as that contradicts sublemma 5.3. Therefore these transitions
do not have any input places in common, i.e., they are disjoint.

■

Figure 5.5 Stone-active Conditions and the IT-module

Figure 5.6 Stone-active Conditions and the EP-module

The following sublemmas show that the input places of the
transitions initiated by the structure between time slices T(j-1) and
T(j) have unclaimed stones in them.

Sublemma 5.4 One stone cycle on an emergent link of a place structure 
corresponds to one communication cycle on an incident link of the place 
structure, i.e., a definite communication cycle on an incident link 
is associated with a definite stone cycle on an emergent link. 

Proof: The diagram of a place structure is shown in figure 4.28.
From the P-net specification of the modules it can be observed that:
(i) one communication cycle on the emergent link of an IP-module
corresponds to one communication cycle on an incident link and vice
versa, (ii) one stone cycle on the emergent link of a P-module
corresponds to one communication cycle on the incident link and vice
versa, and (iii) one stone cycle on an emergent link of an EP-module
corresponds to one stone cycle on the incident link of the module and
vice versa.

From these three observations it can be concluded that one stone 
cycle on an emergent link of a place structure corresponds to one 
communication cycle on an incident link. 

The following sublemma is similar to that proved above except 
that it deals with the transition structure instead of the place 
structure. 

Sublemma 5.5 The occurrence of a transition, that is, an initiation
and termination of the transition, uses a stone cycle from each
incident link of the transition structure, and starts a communication
cycle on each of the emergent links of the structure.

Proof. The P-net specification of the T-module (figure 4.16) shows
that the sequence 0e.r, 0e.a, 0s.r and 0s.a of signals is associated
with the sequence 3.r, 3.a. That is, a stone cycle on link 0 is
associated with a communication cycle on link 3. Furthermore one
communication cycle on link 4 is associated with a communication
cycle on link 3.

The P-net specification of the IT-module (figure 4.15) shows that 
a stone cycle on the emergent link is associated with a stone cycle 
on each of the incident links. 

From the above paragraphs it can be seen that a communication
cycle on link 3 of the T-module in the transition structure (figure 
4.29) is associated with a stone cycle on each of the links incident 
on the structure. 

The P-net of the ET-module shows that one communication cycle 
is undergone on each of the emergent links for each communication 
cycle on the incident link. From this fact and from the first 
paragraph above, it can be concluded that a communication cycle on 
link 3 of the T-module in the transition structure gives rise to a 
communication cycle on each of the emergent links. The sublemma is 
thus proved, for a communication cycle on link 3 of the T-module 
corresponds to an initiation and termination of the associated 
transition. 



From the above sublemmas it can be seen that a transition in 
the coordination structure needs a stone cycle from each input place 
in the structure in order to occur, and a place structure gives rise 
to only one stone cycle for each communication cycle it receives from 
either some transition or from the initialization structure. Further- 
more, in the process of termination a transition gives rise to a com- 
munication cycle on each output place of that transition. The place 
structure thus merely transmits such cycles from one transition to 
another, just as a place in the coordination net merely transmits a 
stone from one transition to another. 

As the presence of a stone at a place in a net is important as
regards which transition in the net can be initiated, a similar
concept should be defined in connection with places (i.e. place
structures) in the coordination structure. It has been said before that
a transition, in terminating, gives rise to a cycle to the output
places and the cycle given to a place is, so to say, used by a
transition in the process of initiation and termination. From this
arises the notion of a place being on. A place in a structure is
said to be on during the time interval from the time a transition
for which the place is an output place terminates to the time a
transition for which the place is an input place terminates. Thus, for
a place the condition of being "on" in the structure corresponds to
the condition of "having a stone" in the net.

Lemma 5.2 If a structure produces a signal history $H^{T}$, and
$H(H^{T})$, the corresponding representative initiation-termination
history, is feasible, then exactly those places which have stones
in them at the end of a simulation of the net producing the
initiation-termination history $H(H^{T})$ are on in the structure.

Proof: A place in the net has a stone at the end of the above
simulation iff the number of stones placed in it (counting the initial
stone) exceeds by one the number of stones removed from the place.
The number of stones placed in a place is equal to one (for the
initial stone, if any) plus the number of terminations of transitions
for which the place is an output place, and the number of stones
removed from a place is equal to the number of terminations of
transitions for which the place is an input place.

In an analogous way, a place in the structure is on iff the
number of cycles given to it, counting the cycle given by the
initialization structure (if any), is one more than the number of
cycles used by transitions for which the place is an input place.
From the construction of the coordination structure and the P-net
specification of the initialization module, the initialization
structure gives a cycle to a place structure corresponding to a place in
the net iff the place in the net has an initial stone. The number
of cycles given by the transitions is equal to the number of
terminations of the transitions for which the place is an output place,
and the number of cycles used by the transitions is equal to the number
of terminations of transitions for which the place is an input place.

Since $H^{T}$ and $H(H^{T})$ are isomorphic, it is clear from the
above arguments that the places which are on in the structure
correspond one-to-one with the places which have stones in the net.

Note that, as the nets are assumed to be safe, a place is not
occupied by more than one stone at a time.
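
The counting argument in the proof of Lemma 5.2, together with the disjointness stated in Lemma 5.1, can be checked mechanically on the net side. The following is an added example and not part of the original text: the class, the five-transition net and the schedule are constructed for illustration, and the firing rule it assumes is that an initiation claims the unclaimed stones at the input places, while a termination removes them and places stones on the output places.

```python
from collections import Counter
from itertools import combinations


class CoordinationNet:
    """Safe net in which initiation and termination are separate steps."""

    def __init__(self, transitions, initial):
        self.transitions = {t: (frozenset(i), frozenset(o))
                            for t, (i, o) in transitions.items()}
        self.places = set(initial)
        for ins, outs in self.transitions.values():
            self.places |= ins | outs
        self.unclaimed = set(initial)    # B_u: stones not claimed by anyone
        self.claimed = set()             # B_c: stones claimed by active transitions
        self.active = set()              # AT: initiated but not yet terminated
        self.placed = Counter(initial)   # stones placed, counting the initial stone
        self.removed = Counter()         # stones removed by terminations

    def stones(self):
        return self.unclaimed | self.claimed

    def initiate(self, t):
        """Claim the input stones; refuse if any input stone is missing or claimed."""
        ins, _ = self.transitions[t]
        if t in self.active or not ins <= self.unclaimed:
            return False
        self.unclaimed -= ins
        self.claimed |= ins
        self.active.add(t)
        return True

    def terminate(self, t):
        """Remove the claimed input stones and place stones on the outputs."""
        if t not in self.active:
            return False
        ins, outs = self.transitions[t]
        self.claimed -= ins
        for p in ins:
            self.removed[p] += 1
        for p in outs:
            if p in self.stones():
                raise RuntimeError(f"net is not safe: second stone at {p}")
            self.unclaimed.add(p)
            self.placed[p] += 1
        self.active.discard(t)
        return True

    def counting_holds(self):
        """Lemma 5.2 count: a place has a stone iff placed - removed == 1."""
        stones = self.stones()
        return all((p in stones) == (self.placed[p] - self.removed[p] == 1)
                   for p in self.places)

    def active_disjoint(self):
        """Lemma 5.1: active transitions have no input place in common."""
        return all(self.transitions[a][0].isdisjoint(self.transitions[b][0])
                   for a, b in combinations(sorted(self.active), 2))


# Constructed net: t1 forks, t4 joins, t2 and t5 conflict over place p2.
NET = {
    "t1": ({"p1"}, {"p2", "p3"}),
    "t2": ({"p2"}, {"p4"}),
    "t3": ({"p3"}, {"p5"}),
    "t4": ({"p4", "p5"}, {"p1"}),
    "t5": ({"p2"}, {"p4"}),
}
SCHEDULE = [("init", "t1"), ("term", "t1"), ("init", "t2"), ("init", "t5"),
            ("init", "t3"), ("term", "t2"), ("term", "t3"),
            ("init", "t4"), ("term", "t4")]


def run_demo():
    """Run the schedule, checking both properties after every step."""
    net = CoordinationNet(NET, initial={"p1"})
    refused = []
    for kind, t in SCHEDULE:
        ok = net.initiate(t) if kind == "init" else net.terminate(t)
        if not ok:
            refused.append((kind, t))
        assert net.counting_holds(), f"count broken after {kind} {t}"
        assert net.active_disjoint(), f"shared input place after {kind} {t}"
    return net, refused


if __name__ == "__main__":
    final, refused = run_demo()
    print("stones:", sorted(final.stones()), "refused:", refused)
```

The attempt to initiate t5 is refused because t2 has already claimed the stone at p2, which is the net-side counterpart of the conflict that the EP-module resolves in the structure.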

Lemma 5.3 If a coordination structure produces a signal history
$H^{T}$ through a sequence of time slices $\sigma = T(1)\,T(2) \ldots T(j)$
and $H(H^{T(j-1)})$ is feasible, then the input places of the
transitions initiated between T(j-1) and T(j) have unclaimed stones at
the end of $H(H^{T(j-1)})$. That is,

$I(T'^{\,T(j-1)-T(j)}) \subseteq B_u(C, H(H^{T(j-1)}))$

where $T'^{\,T(j-1)-T(j)}$ is the set of transitions initiated between
the time slices T(j-1) and T(j), and I(T') represents the input
places of the set of transitions T'.

Proof: First of all it will be shown that
$I(T'^{\,T(j-1)-T(j)}) \subseteq B(C, H(H^{T(j-1)}))$. The input places
of transitions in $T'^{\,T(j-1)-T(j)}$ must be on at the end of T(j-1),
because these transitions cannot initiate unless the corresponding
places are on and because between the end of time slice T(j-1) and
initiation of these transitions there can be no terminations of
transitions that make these places on as T(j-1) and T(j) are
successive time slices. Therefore, from lemma 5.2 these input places
have stones, i.e.,

$I(T'^{\,T(j-1)-T(j)}) \subseteq B(C, H(H^{T(j-1)}))$    (i)

From lemma 5.1, transitions which initiate between T(j-1) and
T(j) are disjoint from the active transitions at T(j-1). Therefore

$I(AT^{T(j-1)}) \cap I(T'^{\,T(j-1)-T(j)}) = \varnothing$

which is the same as

$B_c^{T(j-1)} \cap I(T'^{\,T(j-1)-T(j)}) = \varnothing$    (ii)

From (i) and (ii)

$I(T'^{\,T(j-1)-T(j)}) \subseteq B_u(C, H(H^{T(j-1)}))$

because $B_u = B - B_c$.

The lemmas which follow are devoted to proving that the set of active
places $AP^{T(j-1)} \cup O(T'^{\,T(j-1)-T(j)})$ is admissible, i.e., it
does not violate the constraints.

The different conditions of double and mixed-triple links are 
explained in figures 5.7 and 5.8. 

Sublemma 5.6 If the link at port 3 of the T-module is active, then 
the link at port 1 of the module is active. 

Proof: The relationships between relevant signals are shown in figure
5.9 (the P-net specification for the T-module from which this is
obtained is given in figure 4.16) which shows that link 1 is active
when link 3 is active.

Figure 5.8 Conditions of the Mixed-triple Link

A similar examination of the P-net specification of the IR, R
and const modules shows that (i) the emergent link of the IR-module
is active if any of the incident links is active, (ii) the emergent
mixed-triple link of the R module is active if the incident link is
active, and (iii) a mixed-triple link coming from a const-module is
active if the corresponding incident link is active. Taken together
these results can be stated as the following sublemma.

Sublemma 5.7 If link 1 of a T-module in the coordination structure
is active, the entire mixed-triple link (in the constraint structure)
associated with the T-module is active.

One of the important functions of the constraint module is to
ensure that not all of the incident links of the module are active
at the same time. It can be seen that this is in fact achieved as
when an incident link is active, place $p_k$ in the P-net
specification of the module (shown in figure 4.23) has a stone and not
all of the places $p_1, \ldots, p_n$ can have stones at the same time.
The result that not all incident links of a constraint module can be
active at the same time is stated below as a sublemma.

Sublemma 5.8 Not all incident links of a constraint-module can be 
active at the same time. 

Sublemma 5.9 If the mixed-triple links associated with constraint
equivalence classes $P_1, \ldots, P_k$ (of places) are active then the
active place set given by $P_1 \cup \ldots \cup P_k$ is admissible,
i.e. ^($P_1 \cup \ldots \cup P_k$) is true.

Proof: If $P_1 \cup \ldots \cup P_k$ were not admissible then there
would be a subset $\{p_1, \ldots, p_i\}$ of $P_1 \cup \ldots \cup P_k$
that is a member of the constraint set Ct. Since $\{p_1, \ldots, p_i\}$
is a member of Ct, $\{P_1, \ldots, P_i\}$ is a member of RP(Ct) where
$p_1, \ldots, p_i$ fall into the constraint equivalence classes
$P_1, \ldots, P_i$ (from the definition of RP(Ct), section 3.2 of
Chapter 3). From the construction of the constraint structure,
since $\{P_1, \ldots, P_i\}$ is a member of RP(Ct), there is a
constraint module in the constraint structure which involves just the
links associated with these equivalence classes. Because of this
constraint module the links associated with the equivalence classes
$P_1, \ldots, P_i$ cannot be active at the same time (sublemma 5.8).

This is a contradiction as the links associated with $P_1, \ldots, P_i$
are active since the links associated with $P_1, \ldots, P_k$ are
given to be active.

Sublemma 5.10 The links associated with the constraint equivalence
classes into which the places in $AP^{T(j-1)}$ fall are active at the
end of T(j-1).

Proof:

$AP^{T(j-1)} = B^{T(j-1)} \cup O(AT^{T(j-1)})$

The links associated with the equivalence classes into which the places
in $O(AT^{T(j-1)})$ fall are enabled because link 3 of each T-module
associated with the transitions in $AT^{T(j-1)}$ is active. From
sublemmas 5.6 and 5.7, when link 3 of a T-module is active, the link
associated with the constraint equivalence class of places into which
the output places of the transition fall is active (note that the net
being homogeneous the output places of a transition fall into the same
constraint equivalence class). (1)

The active condition of links emerging out of the places having stones
(i.e. $B^{T(j-1)}$) is considered below.

From lemma 5.2 the places which have stones in the net are on
in the structure. Examination of the precedence structure shows that
when a place is on, either link 4 of the T-module of a transition
structure or link 2 of the initialization module (as the case may be)
that turned the place on is active. In the first case link 1 of the
T-module is active since link 4 is active, and because link 1 is active,
the mixed-triple link associated with the transition is active in
the constraint structure (sublemma 5.7). That is, the link associated
with the constraint equivalence class of places into which the
place falls is active. (Note that in a homogeneous net the output
places of a transition belong to the same constraint equivalence class.)
In the latter case, link 2 of the initialization module is active and
therefore the mixed-triple link associated with the constraint
equivalence class of places into which the place falls is active in the
constraint structure.

One can say, therefore, that the links associated with the equivalence
classes into which the places in $B^{T(j-1)}$ fall are active. (2)

From (1) and (2) the result in the sublemma follows.

■ 

Sublemma 5.11 The links associated with the constraint equivalence
classes into which the places in
$AP^{T(j-1)} \cup O(T'^{\,T(j-1)-T(j)})$ fall are active at the moment
the transitions in $T'^{\,T(j-1)-T(j)}$ initiate (coincidentally).

Proof: From the P-net specification of the T-module it can be seen
that link 1 of the module is active at the time link 3 is turned active.
Therefore, from sublemma 5.7, the mixed-triple links in the constraint
structure associated with these transitions are active, i.e. the links
associated with the constraint equivalence classes into which the
output places of the transitions in $T'^{\,T(j-1)-T(j)}$ fall are active.
Moreover the links associated with the constraint equivalence classes
into which the places in $AP^{T(j-1)}$ fall continue to be active until
the effect of the termination of transitions in $T''^{\,T(j-1)-T(j)}$ is
felt by them. The sublemma thus follows.

■ 

Lemma 5.4 If a structure produces a signal history $H^{T}$ through time
slices T(1), ..., T(j) and $H(H^{T(j-1)})$ is feasible then the active
place set $AP^{T(j-1)} \cup O(T'^{\,T(j-1)-T(j)})$ is admissible, i.e.,

V^^Uod^J" 1 ^^)) is true. 

Proof. Let the places in $AP^{T(j-1)} \cup O(T'^{\,T(j-1)-T(j)})$ fall
into the constraint equivalence classes $P_1, \ldots, P_k$. Then,
according to sublemma 5.11, the links associated with these equivalence
classes are active in the constraint structure. Therefore, from
sublemma 5.9, the set of active places $P_1 \cup \ldots \cup P_k$ is
admissible. Since
$AP^{T(j-1)} \cup O(T'^{\,T(j-1)-T(j)}) \subseteq P_1 \cup \ldots \cup P_k$,
and $P_1 \cup \ldots \cup P_k$ is admissible, the set of active places
$AP^{T(j-1)} \cup O(T'^{\,T(j-1)-T(j)})$ is admissible.

■ 

Lemma 5.5 $T''^{\,T(j-1)-T(j)}$, the transitions terminated between
adjacent time slices T(j-1) and T(j), are in $AT^{T(j-1)}$, and
$ie(T''^{\,T(j-1)-T(j)}) \subseteq IE^{T(j-1)}$ is true (i.e. the events
associated with the transitions have occurred).

Proof. Since the first signal on a simple link has to be a ready signal,
and the ready and acknowledge signals alternate, a transition in the
structure can be terminated only if it has been initiated and the
associated event has occurred. (1)

As $H(H^{T(j-1)})$ is isomorphic to $H^{T(j-1)}$, the set of
transitions active in the structure at T(j-1) is the same as the set of
transitions active in the net at T(j-1). (2)

From (1) and (2) the transitions terminated (coincidentally) between
time slices T(j-1) and T(j) are in $AT^{T(j-1)}$, and the events
associated with them have occurred.

■ 

Lemma 5.6 The input-conditions which are initiated between adjacent
time slices T(j-1) and T(j) are inactive at time T(j-1), that is

cl T(j-l)-T(j) CIC T(j-l)_ 

The proof of the lemma above is similar to the proof of lemma 5.5. 

Lemma 5.7 The input-conditions which are terminated between adjacent

time slices T(j-l) and T(j) are in Acl^~ \ 

P 

Proof. The termination of an input-condition in case of the coordination
structure is marked by an acknowledge signal (on the associated incident
link) which indicates that the associated input transition has terminated
(and has registered (used) the input condition). Since the termination
of the transition and the termination of input-condition are ordered that
way, and the input-condition terminates between adjacent time slices
T(j-1) and T(j), the termination of the transition must have occurred
before T(j-1). Now, in the coordination net, the corresponding termination
of the transition removes the input-condition from the set AC and places
it in the set ACq. Therefore, the input-conditions which are
(coincidentally) terminated between time slices T(j-1) and T(j) are in ACq .

P 

Lemma 5.8 E .T<J-1)-T<J> C ^(J-D and E „T ( MM (j) c ^ _

Proof: This lemma holds because the links emerging from the
tion structure produce a ready signal at the head of the link (that is 
in the external world) only in response to a ready signal received at 
the tail, because they produce an acknowledge signal at the tail only 
in response to an acknowledge signal received at the head, and because 
the external world acknowledges the ready signal only after the associa- 
ted event has occurred. 

■ 

Theorem 1 Each simulation sequence X of the coordination structure 
S that implements a coordination net C corresponds to some simula- 
tion sequence of the net. 

Proof. The theorem can be restated as follows: If the coordination
structure S that implements a coordination net C produces a signal
history $H^{T}$ through a sequence of successive time slices
$\sigma = T(1)\,T(2) \ldots T(n) = T$ then for $1 \le j \le n$,
$H(H^{T(j)})$ is a feasible initiation-termination history of the net
and is adjacent to the history $H(H^{T(j-1)})$.

Basis

If $\sigma$ is null this is true trivially.

Induction

The theorem is assumed to hold for the length of sequence $\sigma$
less than or equal to j - 1, and is shown to hold for $\sigma$
of length j.

To prove the induction step holds what needs to be shown is
that $H(H^{T(j)})$ is feasible and adjacent to $H(H^{T(j-1)})$.
As $H(H^{T(j-1)})$ is feasible (by hypothesis) it is only
necessary to show that $H(H^{T(j)})$ is adjacent to $H(H^{T(j-1)})$.

$H(H^{T(j)})$ is adjacent to $H(H^{T(j-1)})$ because from lemmas 5.1
to 5.8, $H(H^{T(j)})$ meets the requirements for being adjacent
to $H(H^{T(j-1)})$ specified in the definition of adjacency (see
definition 5.3).

The theorem thus follows. 

5.7 Proof of Theorem 2

Theorem 2 states that coordination structures are active, that 
is, if the signal history produced by a coordination structure up to 
time slice T is not a terminal history, then the structure (promptly) 
produces some signal which advances the signal history (as well as the 
time slice). In other words the structure continues to produce signals 
until a terminal signal history is produced, at which point the struc- 
ture suspends its activity until arrival of a signal (a ready corres- 
ponding to an input-condition or an acknowledgement of an event) that 
makes the resulting signal history non-terminal. The steps in the 
proof of this theorem are as follows. 

Outline of the Proof 

1. A transition that is permitted to proceed by the conflict 
structure disables the conflicting transitions and initiations. 

2. A transition that sends a request to the conflict structure 
for permission to proceed either gets permission promptly or is promptly 
disabled by some conflicting transition. The adjective 'promptly' is 
used to emphasize the fact that the action takes place without undue 
delays; 'promptness' allows the delays of the kind encountered in trans- 
mission of signals, but does not allow indefinite delays as might be en- 
countered if the action has to await arrival of some input signals. More- 
over, if a transition that does not conflict with any of the transitions 
which already have permission from the conflict structure, sends a request 
to the conflict structure, then the conflict structure gives permission 
to at least one such transition promptly.

3. Upon receiving permission from the constraint structure, a
transition sends a request to the conflict structure.

4. From 1, 2 and 3 it can be concluded that a transition that
gets permission from the constraint structure either initiates (promptly)
or is promptly disabled by a conflicting transition.

5. A ready transition, i.e. a transition whose input places are 

T T 

in B and whose input-condition is in AC , sends a request to the 
u Qi i 

constraint structure for permission unless it is disabled by a conflicting 
transition in the meantime. 

6. If there are any ready transitions whose output places can be 
admitted to the set of active places without violating the constraints, 
then the constraint structure gives permission to at least one of them. 

7. An active transition is promptly terminated following termination 
of the associated event. 

8. An active input-condition is promptly terminated following ter- 
mination of the associated transition. 

From the steps above it can be concluded that if there are any ready 
transitions that can be initiated without violating the constraints then 
at least one of them is initiated promptly, if there is any transition 
that can be terminated then it is terminated promptly, and if there 
is any input-condition that can be terminated then it is terminated 
promptly. Thus if the signal history is not a terminal history, the
structure advances the history promptly by producing a signal
(corresponding to initiation of a transition, termination of a
transition or termination of an input-condition).

To show that step 1 in the proof of the theorem holds it should be
shown that: (i) In giving permission to a transition the conflict
structure denies permission to conflicting transitions by not
acknowledging enable signals from them until disable signals are
received. (ii) The transition which gets permission from the conflict
structure promptly claims the stones at the input places of the
transition and causes disable signals to be sent to the conflicting
transitions (if any). (iii) When a disable signal is sent to a
transition from a place, the portion of the coordination structure
associated with that transition promptly returns to the condition it
would be in if the transition had not received an enable signal from
the place. (iv) When stone signals are sent to the transition from all
input places of the transition, the transition structure initializes
the part of the conflict structure associated with the transition and
initiates the transition by sending a ready signal on link 3 of the
associated T-module. These results are proved in a number of lemmas
given below.

The following sublemma states that only one of a set of conflicting
transitions is permitted to proceed by the conflict structure.

Sublemma 5.12 Among the incident links of the conflict structure
exactly one of the links associated with conflicting transitions can be
active (Figure 5.8) at any given time.

Proof. From the P-net specification of a conflict module (Figure 4.24)
it can be seen that the net associated with an incident link must pick up
the stone at place p before activating the link, and that the stone is
not returned until the link is disabled. As a result, only one of the
incident links of a conflict module can be active at any given time. (1)

Moreover, the emerging link associated with the incident link is
activated before the incident link is activated, and is disabled only
after the incident link is disabled. Therefore, an active incident link
of the conflict structure is active throughout the conflict structure. (2)

By virtue of the construction of the conflict structure, links
associated with conflicting transitions have at least one conflict module
in common. Therefore, from (1) and (2), only one link among the links
associated with conflicting transitions is active at any given time.

The next sublemma states that the transition that gets permission
from the conflict structure (promptly) claims the stones at its input 
places. It should be recalled that to claim the stone at a place 
(i.e. the stone equivalent in the place structure) the transition must 
be the first one to acknowledge the enable signal sent to it by the 
place structure. This is indeed the case because in giving permission 
to the transition, the conflict structure blocks conflicting transi- 
tions; the conflict structure does not acknowledge enable (request) sig- 
nals from conflicting transitions until they are disabled by the 
place structures. 

Sublemma 5.13 A transition which is permitted to proceed by the con- 
flict structure promptly claims the stones at its input places and causes 
the places to send disable signals to conflicting transitions. When the 
conflicting transitions are disabled, as indicated by acknowledge sig- 
nals for the enable and disable signals, the places send stone signals 
to the transition that claimed the stones. 

Proof. From the P-net specification of the T, IT and EP modules and the
arrangement of these modules in the precedence structure the following
can be observed:

1. Upon receiving permission (acknowledgement for the enable signal)
on link 2, the T-module (Figure 4.16) acknowledges the enable signal
on link 0, and the IT-module (Figure 4.15) in turn acknowledges
enable signals on the incident links. These acknowledge signals reach
the EP-modules corresponding to the input places of the transition. At
each input place, this transition is guaranteed to be the first one to
acknowledge the enable signal because the other transitions are
blockaded in the conflict structure, i.e., the conflict structure does
not acknowledge the enable signals from them until they are disabled.

2. When the stone at a place is claimed by a transition, the EP- 
module acknowledges the enable signal on the incident link and sends 
disable signals to the other transitions. 

When the acknowledge signal from the EP-module is received, the P- 
module immediately sends a stone signal to it. When the other (con- 
flicting) transitions acknowledge the disable signals (and also the en- 
able signals), the EP-module sends a stone-signal to the transition 
which claimed the stone. 

From these observations the statement of sublemma follows. 

■ 

The next three sublemmas deal with the influence of a disable sig- 
nal on the structure associated with a transition. The disable signal 
turns the communication cycle which was started with the enable signal 
into a void cycle. That is to say that the disable signal nullifies the 
influence of the enable signal that was sent to the transition. The 
modules have been so specified that on receiving a disable signal on an 
incident link they initialize to the condition they would be in if the 
enable signal had not been received, but before returning to this con- 
dition they send a disable signal to the structures connected to the 
emergent links if enable signals have been sent to these emergent links, 
so that they too are disabled in a similar manner. The modules signal
completion of the initialization by acknowledging the enable and dis- 
able signals. 

Sublemma 5.14 In response to a disable signal on an incident link the
conflict structure initializes its substructure associated with that
link and acknowledges the enable and disable signals.

Proof. From the P-net specification of a conflict module (Figure
4.24) it can be observed that the response of the module to a disable
signal on an incident link is as follows:

(i) If the module has not yet sent an enable signal on the corre- 
sponding emergent link, it immediately initializes itself and acknowl- 
edges the enable and disable signals on the incident link. 

(ii) In case the module has sent an enable signal on the corre- 
sponding emergent link, it sends a disable signal on the emergent link, 
and when these signals (the enable and disable signals) are acknowledged, 
it initializes itself and acknowledges the enable and disable signals on 
the incident link. 

(iii) The sink module used in terminating a double link acknowl- 
edges the enable and disable signals without any delay and returns to 
its initial condition. 

From these observations the sublemma follows.

The following sublemma is similar to the sublemma above, but deals with
the constraint structure instead. 

Sublemma 5.15 In response to a disable signal on an incident link the
constraint structure initializes its substructure associated with the 
link to the condition it would be in if the associated enable signal had 
not been received, and signals completion of the initialization by ack- 
nowledging the enable and disable signals. 



Proof. From the P-net specification of IR, R and const modules and 
their arrangement in the constraint structure, one can observe that: 

1. The response of the IR-module to a disable signal is as follows: 

a) If the module has not acted on the enable signal or if at 
that time the other incident link is connected to the emergent 
link, the module immediately initializes its portion associated 
with the link (on which the disable signal was received) and 
acknowledges the enable and disable signals.

b) If the other incident link is idle and the module has sent
an enable signal on the emergent link, then upon receiving the 
disable signal the module sends a disable signal on the emer- 
gent link to nullify the effect of that enable signal. When 
it receives an acknowledgement for the disable signal and for 
the enable signal (if it has not been received already) it 
initializes itself and acknowledges the disable signal (and 
also the enable signal unless that has been acknowledged 
already) on the incident link. 

2. The response of the R-module is as follows: 

a) If the communication on the emergent link of the module is 
in a completed state when the disable signal is received, the 
module immediately returns to its initial condition and ack- 
nowledges the enable and disable signals on the incident link. 

b) If the communication on the emergent link of the module 
is incomplete, the module sends a disable signal on the emer- 
gent link (if it has not been sent already). When, as a re- 
sult of the disable signal, the communication is completed, 
the module returns to its initial condition and acknowledges 
the enable and disable signals on the incident link.

3. The response of the constraint module to a disable signal on
an incident link is as follows: (Recall that a communication 
cycle on the mixed-triple link consists of a communication cycle 
on the disable sublink and a communication cycle on either the 
enable or the check sublink.) 

Case 1 A communication cycle involving a cycle on the check sub-
link.

a) If the module receives the disable signal before it has acted
on the check signal (a ready signal on the check sublink), the module
immediately initializes its portion associated with the link and ack-
nowledges the check and disable signals (figure 4.23).

b) If the module has acted on the check signal (by sending a 
check signal on the corresponding emergent link), the module sends a dis- 
able signal on the emergent link to nullify the check signal. When, 
as a result of the disable signal, the communication cycle on the emer- 
gent link is completed, the module initializes the portion associated 
with the link and acknowledges the check and disable signals. 

Case 2 A communication cycle involving a cycle on the enable sub-
link.

The response of the module in this case is similar to that in 
case 1 above except in this case an enable signal is involved instead 
of a check signal.

The T-module, on receiving a disable signal on link 0, sends
disable signals to the constraint structure and the conflict struc- 
ture. A disable signal is sent to the conflict structure only if an 
enable signal was sent to it already. From sublemmas 5.14 and 5.15 
the disable signals initialize these structures so that they are 
returned to the condition they would be in if the enable signals 
had not been sent to them. The enable and disable signals are then 
acknowledged to indicate that the initialization is complete. When
the acknowledge signals are received, the T-module acknowledges the 
enable and disable signals on link 0. 

2. From the P-net specification of the IT-module (figure 4.15) 
the following can be observed: 

If the IT-module is waiting for an enable signal on the other 
incident link (from another place structure), the module immediately 
acknowledges the enable and disable signals from the place under con-
sideration. In this case no communication is involved on the emer-
gent link. On the other hand if the module has already sent an enable
signal on the emergent link, the module sends a disable signal on the 
emergent link to nullify the enable signal. From part 1 of this proof, 
the disable signal nullifies the enable signal and both of them are 
acknowledged. Upon receiving these signals, the IT-module returns 
to the condition it would be in if no signals were received on the 
incident link under consideration and acknowledges the enable and 
disable signals. 

From 1 and 2 above the sublemma follows.

Proof. From sublemma 5.13 a transition which is permitted by the con-
flict structure promptly claims the stones at its input places and
causes the places to send disable signals to the conflicting transi- 
tions. From sublemma 5.16 these disable signals promptly disable the 
conflicting transitions by initializing the part of the structure 
associated with them to the condition it would be in if the enable 
signals notifying the presence of stones at the input places were not 
sent to them. The disabled transitions signal completion of the dis- 
abling process by acknowledging the enable and disable signals. When 
these signals are received, the places send stone signals to the tran- 
sition under consideration (sublemma 5.13), and upon receipt of stone 
signals from these places the transition structure promptly initiates 
the transition by sending out a ready signal on link 3 of the associa- 
ted T-module (sublemma 5.17). 

■ 

Lemma 5.10 If there are any enabled incident links of a conflict
structure which do not individually conflict with any of the incident 
links which are active, then at least one of them becomes active. (See 
figure 5.7 for the definition of the active condition of a double link.) 

In other words, if transitions that do not conflict with any of 
the transitions which are in the process of initiating, send requests 
to the conflict structure, then at least one of them is given permission 
to initiate.

Proof. The proof is by induction on the number of conflict modules
in the conflict structure. Let n denote the number of conflict 
modules in the conflict structure. 

Basis (n = 0): The case when there is no conflict module in 
the conflict structure. In this case all incident links are termi- 
nated by sink modules and none of the incident links conflict with 
any other links. Since a sink module immediately acknowledges the 
enable signal, the result of the lemma holds. 

Induction: The lemma is assumed to hold for n = r and is 
shown to hold for n = r + 1. 

Consider the conflict structure as consisting of two parts: 
i) the conflict module nearest to the incident links and ii) the 
remaining portion of the conflict structure having r conflict 
modules. 

From the P-net specification of the conflict module (figure 4.24) 
it can be observed that if some incident links of the module are 
enabled while none of them is in the active condition then the module 
enables the emergent link corresponding to one of the enabled incident 
links (if it has not done so already), and when the emergent link is 
activated the module activates the corresponding incident link. 
Thus at least one of the enabled links under consideration will be 
enabled past the first conflict module in the structure, i.e., one 
of the links incident on the remaining structure which does not conflict 
with any of the active links will be enabled. Since the remaining 
conflict structure has only r conflict modules, from the hypothesis
it follows that one of the links incident on this part of the conflict
structure will be activated. If this link bypasses the first conflict 
module then it is one of the incident links of the structure, while if 
it passes through the first conflict module then the module activates 
the corresponding incident link. 
The lemma thus follows. 



Lemma 5.11 A transition which is permitted to proceed by the constraint 
structure promptly sends a request to the conflict structure for its 
permission. 

Proof. From the P-net specification of the T-module (figure 4.16) it 
can be observed that when the constraint structure gives permission 
to the transition (to proceed) by acknowledging the enable signal on 
link 1, the T-module immediately sends an enable signal to the conflict 
structure on link 2. The enable signal sent to the conflict structure 
from the T-module represents a request on the part of the associated
transition for permission to initiate.

■ 

Lemma 5.12 A transition which gets permission from the constraint
structure either initiates promptly or is promptly disabled by a
conflicting transition.

Proof. From lemma 5.11 the transition which is given permission by
the constraint structure promptly sends a request to the conflict 
structure. From lemma 5.10, unless some conflicting transition is 
given permission by the conflict structure, it is given permission 
by the conflict structure too. If the transition is given permission, 
it initiates after promptly disabling the conflicting transition 
(lemma 5.9). On the other hand if a conflicting transition is given 
permission, the conflicting transition promptly disables the transition 
under consideration (lemma 5.9). 

■

Lemma 5.13 A ready transition, that is a transition whose input places

T T 

are in B and whose input- condition is in CA , sends a request to 
u Of 

the constraint structure for permission to proceed unless it is dis- 
abled by a conflicting transition in the meantime. 

Proof. From the P-net specification of the T, ET, IP, P, EP and IT
modules the following can be observed:

1. As soon as the transition associated with a T-module is ter- 
minated, i.e. an acknowledge signal is received on link 3, the 
module sends an enable signal on link 4. 

2. As soon as the ET-module receives an enable signal, it sends 
enable signals on the emergent links. 



3. The IP-module sends an enable signal on the emergent link 
for each signal received on an incident link. If the module is 
not serving some other link when an enable signal is received on 
an incident link, the module immediately sends an enable signal 
on the emergent link, otherwise the transmission of the signal is 
temporarily delayed until the module is released by that link
(see observation 8).

4. The P-module sends an enable signal on the emergent link as 
soon as it receives an enable signal (a ready signal) on the 
incident link. 

5. The EP-module sends enable signals on the emergent links as 
soon as it receives an enable signal on the incident link. 

6. Upon receiving enable signals on both incident links, the 
IT-module sends an enable signal on the emergent link unless in 
the meantime one of the enable signals on the incident links is 
nullified by a disable signal. 

7. Upon receipt of an enable signal on link 0, the T-module 
promptly sends a request to the constraint structure for permission 
to proceed. 

8. From lemma 5.2 the places which have stones in the coordina- 
tion net are on in the coordination structure. The 
places in B(B°,H^T) are in the on condition. Being in the on
condition means that some transition for which this place is an
output place has begun the process of sending the enable signal
to the place (following the termination of the transition). The
enable signal sent to the place corresponds to a stone. Coordina-
tion nets being safe, a place can be on on account of at most one
transition at a time. Therefore in observation 3 the IP-module
is called upon to serve only one incident link at a time.

From the observations above, all input places of a transition enabled
for the stone distribution B(B°,H^T) send enable signals to the IT-
module of the transition. If the transition is not an input transi-
tion, these enable signals account for all incident links of the IT-
module. If the transition is an input transition, this condition is
reached when the associated input-condition sends an enable signal.
The IT-module sends an enable signal to the T-module unless one of
the enable signals is nullified (by a disable signal) in the meantime.
The T-module then promptly sends a request to the constraint structure
for permission to proceed.

■ 

A portion of the constraint structure consisting of a sequence of 
constraint modules together with the mixed-triple links which pass 
through them and the sink modules which terminate the links is called 
a partial constraint structure ; the portion of the constraint structure 
below the R-modules is a partial constraint structure and so is the 
portion below any constraint module. Earlier in this chapter (sublemma 5.9)
it was shown that the constraint structure does not activate an enabled in- 
cident link if it cannot be admitted without violating the constraints. 
This is true because a partial constraint structure does not activate 
an enabled incident link if it cannot be admitted without violating 
the constraints associated with it. The following sublemma shows that 
if there are any enabled incident links which can be admitted without 
violating the constraints then the partial constraint structure activates 
at least one enabled incident link. (For the different conditions of 
a mixed-triple link see figure 5.8.) 

Sublemma 5.18 If any of the enabled incident links of a partial con-
straint structure can be activated without violating the constraints,
then at least one of the enabled links is activated (promptly); the 
others are (promptly) put into either an active or an inactive condition. 

Proof. The proof is by induction on the number of constraint modules
in the partial constraint structure. Before taking up the proof, the fol- 
lowing properties of the constraint structure should be observed from the 
P-net specification of the module (figure 4.23). It should be recalled 
that a constraint module is said to be saturated when it has admitted 
all but one of the links incident on it. A constraint module is said 
to have admitted a link as soon as it allows the enable signal on the 
link to pass through it; the link is said to be in the admitted condi-
tion until it is either disabled or turned inactive.

1. If the constraint module is not saturated and some of its
incident links are enabled, the module admits at least one of them by 
enabling the corresponding emergent link. If the emergent link is sub- 
sequently activated, (i.e. the enable signal is acknowledged positively) 
the module activates the corresponding incident link, and if it is put 
into inactive condition, the module makes the corresponding incident 
link inactive. 

2. If the constraint module is saturated, it immediately makes 
the enabled incident link inactive, that is, the constraint module 
immediately returns a negative acknowledgement for the enable signal. 

From these observations it can be concluded that a constraint module
promptly either admits an enabled incident link or makes it inactive.

Now, to continue to the proof, let the number of constraint modules 
in the partial constraint structure be denoted by n. 

Basis (n = 0): In this case all incident links of the structure 
are terminated by sink modules. Since a sink module immediately returns 
a positive acknowledge signal for an enable signal sent to it, the 
sublemma is valid for the basis. 

Induction: The sublemma is assumed to hold for n = r and is
shown to hold for n = r + 1. Consider the partial constraint struc-
ture in two parts: i) the first constraint module from the top and
ii) the remaining substructure below the first constraint module.

Consider the progress of an enabled link which can be activated
without violating the constraints. The progress need be observed only
up to the moment when some incident link, not necessarily the same as 
the one under consideration, is activated. 

If the link under consideration bypasses the first constraint 
module, it is directly incident on the sub-structure. In this
case from the hypothesis of the induction step, at least one of the
incident links of the sub-structure is activated (the sub-structure has 
only r constraint modules). If the link which is activated bypasses 
the first module, it is itself an incident link of the partial structure 
under consideration. On the other hand, if the link passes through the 
first module, the module activates the corresponding incident link. 

If the enabled link whose progress is being considered passes 
through the first module, the remaining links of the first module could 
not all be active, but it could be that they have been admitted by the 
module. The links which have been admitted but not activated will 
promptly be made either active or inactive by the sub-structure. If any
link is activated, the corresponding incident link is activated. On
the other hand if any of the links is rejected, the link under consider-
ation will be admitted. From the hypothesis, then, at least one of the
incident links of the sub-structure will be activated and this will
lead to activation of the corresponding incident link of the structure
under consideration.

Sublemma 5.19 If an enabled incident link of a partial constraint
structure inclusive of the R-module cannot be activated without viola- 
ting the constraints, that is it cannot be added to the set of links 
already active without violating the constraints, then the progress 
of the link comes to a halt at some (saturated) constraint module which 
blocks a check signal on the link. 

Proof. If a link cannot be added to the set of links already active
without violating the constraints, then by virtue of the construction
there exists a constraint module through which this link passes, all of
whose other links are already active. The module is therefore satura-
ted and from the P-net specification of the module, it blocks the check
signal on the link. Therefore, if the R-module sends a check signal, it
is blockaded at one such module. What needs to be considered is the
possibility that the R-module has already sent an enable signal on be-
half of the link. In this case the saturated module will return a
negative acknowledge signal in response to the enable signal and the
R-module will then send a check signal which will get blocked at the
saturated constraint module.

■ 

Sublemma 5.20 If any of the enabled incident links of a partial con-
straint structure inclusive of the R-modules can be activated without
violating the constraints, then at least one of them is activated.

Proof. If none of them is activated then the following must hold.

1. The progress of the links which cannot be activated without 
violating the constraints will soon be halted at some constraint modules 
as the check signals on those links are blocked at these modules. 

2. When the progress of all links which cannot be activated
without violating the constraints is blocked, only those links which can
be activated without violating the constraints can be enabled (past
the R-module). If there is any such enabled link then, from sublemma
5.18, at least one of them is activated. If none is already enabled
then at least one of them will be, as the check signal sent out on
it by the associated R-module will reach the sink module unobstructed
and will be acknowledged positively, whereupon the R-module will
enable the link.

■ 
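
The admit/reject rule of the constraint module and the check-signal retry used in sublemmas 5.18 to 5.20 can be checked exhaustively on a small structure. The Python model below is an added illustration, not part of the thesis: the three-module structure, the link names a to d, the choice to start every link with an enable signal, and the reduction of each signal hop to one atomic step are assumptions.

```python
from collections import deque
from itertools import combinations

ENABLE, CHECK, ACTIVE = "enable", "check", "active"

# Constructed example (assumption): three constraint modules, top to bottom,
# each listed by the links passing through it; a link not listed bypasses it.
MODULES = [{"a", "b"}, {"b", "c"}, {"a", "c", "d"}]


def admitted_at(modules, paths, links, state):
    """For each module, the links whose enable signal it has let through."""
    adm = [set() for _ in modules]
    for link, (phase, pos) in zip(links, state):
        if phase != CHECK:  # a check signal passes without being admitted
            for m in paths[link][:pos]:
                adm[m].add(link)
    return adm


def successors(modules, paths, links, state):
    """Every state reachable by letting one pending signal take one step."""
    adm = admitted_at(modules, paths, links, state)
    for i, link in enumerate(links):
        phase, pos = state[i]
        path = paths[link]
        if phase == ACTIVE:
            continue
        if pos == len(path):  # sink module: positive acknowledge
            nxt = (ACTIVE, pos) if phase == ENABLE else (ENABLE, 0)
        elif len(adm[path[pos]] - {link}) >= len(modules[path[pos]]) - 1:
            if phase == CHECK:
                continue  # saturated module blocks the check signal
            nxt = (CHECK, 0)  # negative acknowledge, then the R-module checks
        else:
            nxt = (phase, pos + 1)  # module lets the signal through
        yield state[:i] + (nxt,) + state[i + 1:]


def maximal_sets(modules):
    """Brute force: sets of links that fill no module and cannot be extended."""
    links = sorted(set().union(*modules))
    good = [frozenset(c) for r in range(len(links) + 1)
            for c in combinations(links, r)
            if not any(m <= frozenset(c) for m in modules)]
    return {s for s in good if not any(s < t for t in good)}


def explore(modules):
    """Visit every interleaving of signal delays and check three properties."""
    links = sorted(set().union(*modules))
    paths = {l: [i for i, m in enumerate(modules) if l in m] for l in links}
    start = tuple((ENABLE, 0) for _ in links)
    graph, queue = {}, deque([start])
    while queue:
        s = queue.popleft()
        if s not in graph:
            graph[s] = list(successors(modules, paths, links, s))
            queue.extend(graph[s])
    # Safety: no module ever has every one of its links admitted.
    safe = all(len(a) < len(m)
               for s in graph
               for a, m in zip(admitted_at(modules, paths, links, s), modules))
    terminals = [s for s, nxt in graph.items() if not nxt]
    # Progress: a halted state is reachable from every reachable state.
    preds = {s: [] for s in graph}
    for s, nxt in graph.items():
        for n in nxt:
            preds[n].append(s)
    can_halt, queue = set(terminals), deque(terminals)
    while queue:
        for p in preds[queue.popleft()]:
            if p not in can_halt:
                can_halt.add(p)
                queue.append(p)
    active_sets = {frozenset(l for l, (ph, _) in zip(links, s) if ph == ACTIVE)
                   for s in terminals}
    return {"states": len(graph), "safe": safe,
            "live": len(can_halt) == len(graph),
            "terminal_active_sets": active_sets}


if __name__ == "__main__":
    result = explore(MODULES)
    print(result["states"], "reachable states; safe:", result["safe"],
          "live:", result["live"])
    for s in sorted(map(sorted, result["terminal_active_sets"])):
        print("halts with active links", s)
    print("every halt is maximal:",
          result["terminal_active_sets"] == maximal_sets(MODULES))
```

In every halted state each inactive link has its check signal held at a module whose other links are all active, which is the situation sublemma 5.19 describes.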

Lemma 5.14 If any of the enabled incident links of the constraint 
structure can be individually activated without violating the con- 
straints, then at least one of them is activated. 

Proof. Consider the progress of an enabled incident link which can 
be activated without violating the constraints. 

1. If the emergent link of the IR-module on which the link is 
incident is already active, (on account of the other incident links), 
the IR-module immediately activates the incident link under considera- 
tion. If the emergent link is idle, the module enables the emergent 
link and waits for it to be activated. If the emergent link has been
enabled already on account of the other incident link, the module just 
waits for it to be activated. In any case, it follows that the emergent 
link is enabled if it is not active already. 

2. Now consider the partial constraint structure inclusive of the 
R-module. Since the link under consideration (which is enabled by the 
IR-module) can be activated without violating the constraints, it 
follows, from sublemma 5.20, that at least one of the incident links of
this partial constraint structure is activated, and shortly thereafter
the corresponding incident link (or links) of the constraint structure
is activated.

■

Lemma 5.15 Following time slice T, if there are any ready transitions 
which can be individually initiated, that is the output places of the 
individual transitions can be added to the set of active places without 
violating the constraints, then the constraint structure promptly gives 
permission to at least one of them. 

Proof.

1. If some incident links of the constraint structure associated 
with transitions other than those which are either active or have ter- 
minated but whose output stones have not been removed by other transi- 
tions, are active then they correspond to ready transitions which have 
been given permission but have not had time to initiate, i.e. the con- 
straint structure has already permitted some ready transition. If none 
of the ready transitions have been given permission the following holds:

2. From lemma 5.13, the ready transitions send requests to the
constraint structure unless they are disabled, but none of them will 
be disabled until at least one of them gets permission from the con- 
straint structure and proceeds to initiate. Therefore, some ready 
transitions which can be individually initiated without violating the 
constraints promptly send requests to the constraint structure. It
remains to be shown that at least one of them is given permission by
the constraint structure.

3. A transition disables its link to the constraint structure 
after its output stones have been used up by some other transitions 
(the initialization structure does the same too). Therefore, in due 
time only (i) the incident links corresponding to those transitions
that have occurred but whose output stones are still in output 
places and (ii) the links from the initialization structure corres- 
ponding to initial stones which are still there, are active. The link 
associated with a ready transition whose output places can be added 
to the set of active places without violating the constraints can be 
active, together with those links already active, without violating the 
constraints. Therefore from lemma 5.14 the constraint structure activ- 
ates the link associated with at least one ready transition and, in so 
doing, gives it permission. 

Lemma 5.16 If following time slice T there are any ready transitions
which can be individually initiated, that is, the output places of the
individual transitions can be added to the set of active places without
violating the constraints then the coordination structure initiates
at least one of them.

Proof. This lemma follows directly from lemmas 5.15 and 5.12. Lemma
5.15 says that at least one of these transitions is given permission
by the constraint structure and lemma 5.12 says that if some transi-
tions are given permission by the constraint structure then at least
one of them initiates.

■ 

T T 

Lemma 5.17 If a transition t is in AT and ie(t) is in IE ff , 

then the transition is promptly terminated. 

Proof. That transition t is in AT means that the transition is 

T 
active, i.e. it has not been initiated, and that ie(t) is in IE^ 

means that the associated event has terminated. For the coordination 
structure this means that an acknowledge signal has been returned to 
the transition structure (on link 3 of the T-module) but the signal has 
not reached the structure. Since signals sent on links at one end 
reach the other end promptly, the acknowledge signal promptly reaches 
the transition structure and the transition is terminated. 

The lemma thus follows.

Lemma 5.18 If there is any input-condition in AC then it is promptly
terminated.



Proof. An input condition is placed in the set AC when the associa-
ted transition has terminated (following its initiation). The P-net
specification of the T-module (figure 4.16) shows that the T-module
associated with the transition acknowledges stone signal on link as
soon as the transition is terminated. This acknowledge signal reaches
the P-module associated with the input condition. The P-module then
immediately returns an acknowledge signal on the incident link corres-
ponding to that input condition, i.e. the input-condition is terminated.

Thus the lemma follows. 

■ 

Theorem 2 The coordination structures are active; that is, if the 
simulation sequence X produced by a coordination structure until 
time t is not a terminal simulation sequence, the structure (promptly) 
advances the simulation sequence (by producing a signal that advances 
the signal history). 

Proof. The proof of this theorem follows directly from lemmas 5.16,
5.17 and 5.18, for when the history is not terminal then the conditions
of at least one of these lemmas are met and according to the lemmas the
structure produces a signal which advances the signal history.

5.8 Proof of Theorem 3

Theorem 3 The coordination structures are attentive; that is, if 
after a coordination structure has produced a simulation sequence X, 
termination of transitions is suspended, the simulation (promptly) 
reaches a simulation sequence that is complete. 

Proof. Consider the simulation of the net that is represented by the
simulation of the structure (that implements the net). As soon as
termination of transitions is suspended, the stone distribution in the
net is frozen as only termination of transitions alters stone distribu-
tion. Therefore, no new transitions can be enabled, and a transition
which cannot be initiated without violating the constraints continues
to be that way. There being only a finite number of transitions in the
net, the number of enabled transitions is also finite. Thus after
termination of transitions is suspended only a finite number of tran-
sitions which are already enabled and whose initiation would not violate
the constraints can be initiated. Now, from lemma 5.16 if there are
any enabled transitions whose input-conditions are active, then the
structure continues to initiate transitions until no such transition
is left. Furthermore, from lemma 5.18, if there are any active input
conditions and the transitions associated with them are already termina-
ted (using them), then those input-conditions are promptly terminated
by the structure.

Thus the simulation of the structure promptly reaches a simula-
tion sequence which cannot be advanced by initiating a transition or
terminating an input-condition. 

The theorem thus follows. 



5.9 Proof of Theorem 4

Theorem 4 Each simulation sequence of a coordination net C corres- 
ponds to some simulation sequence of the coordination structure S 
that implements the net. 



In the following discussion, s refers to a signal of the kind r_{t_i},
which represents a ready signal associated with transition t_i, and
H^T·s refers to the signal history that results when signal s is added
to the signal history H^T. Similarly H^T·s_1 s_2 ... s_n denotes the signal
history obtained by adding signals s_1, s_2, ..., s_n to history H^T in that
sequence.



t( i) 
Sub lemma 5.21 If H is a signal history produced by a coordina- 
tion net up to time slice T(j), and there exists a signal s such 
that H(H VJ/ «s) is feasible then H KJ '-s is a possible signal history 
of the structure at the successive time slice t(j + 1) . 
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Proof. Consider initiation of transitions in the coordination 
structure. Which of the transitions that are ready at time slice t(j) 
but which conflict over input places or cannot be all initiated because 
of the restrictions on account of constraints, initiate depends on the 
outcome of a race among them in the constraint structure and in the 
conflict structure; those transitions which do not conflict and which 
are not restricted by the constraints proceed independently. Since delays 
in transmission of signals can be arbitrary, both in the constraint 
structure and in the conflict structure, any of the competing transitions 
could win the race. Thus a transition which is ready at time slice t(j) 
could be the next transition to initiate. Similarly, an input -condition 
which can be terminated following time slice t(j) could be the next 
input-condition to terminate, an event which can be initiated following 

time slice t(j) could be the next event to be initiated, and a 
transition which can be terminated following time slice t(j) could 
be the next transition to be terminated. Initiations of input- 
conditions and terminations of events is controlled by the external 
world. Thus depending on the external world, a given input -condition 
could be the next input -condition to be initiated, and similarly a given 
event could be the next event to be terminated. 

As the signals mentioned above occur independently and delays in 
transmission of signals are arbitrary, any of them could be the (next) 
signal that advences the time slice t(j) to t(j + 1) . Thus the 
sublemma holds. 

Lemma 5.19 If $H^{t(j)}$ is a signal history produced by a coordination
net up to time slice t(j), and there exists a set of signals
$s_1, s_2, \ldots, s_n$ (an occurrence set) such that $H(H^{t(j)} \cdot s_1 s_2 \ldots s_n)$
is feasible and adjacent to $H(H^{t(j)})$, then it is possible for
$H^{t(j)} \cdot s_1 s_2 \ldots s_n$ to be the signal history of the structure at the
successor time slice t(j + 1).

Proof. Since $H(H^{t(j)} \cdot s_1 s_2 \ldots s_n)$ is feasible and adjacent to
$H(H^{t(j)})$, signals $s_1, s_2, \ldots, s_n$ correspond to distinct transitions,
input-conditions and events. Moreover, they could occur in any sequence
as occurrence of any of them does not affect the feasibility of any of
the others (see definition 5.3). From the above fact and sublemma 5.21,
it follows that these signals could be the next n signals that proceed
to occur, and since they are independent and travel on links with arbitrary
delays, they could occur at the same time.

The lemma thus follows. 



Theorem 4 Each simulation sequence of a coordination net C corres- 
ponds to some simulation sequence of the coordination structure S 
that implements the net. 

This theorem is a direct consequence of lemma 5.19 and the defini- 
tions of feasible history and simulation sequence of coordination nets 
(definitions 5.2 and 5.5). 



CHAPTER 6 
CONCURRENT MANAGEMENT OF SHARED RESOURCES 



6.1 Introduction

An important application of the scheme for the coordination of 
events is in the management of computing resources in a parallel 
computer system where the shared computing resources are kept in a 
pool from which loans can be made to the users upon demand. 
Proper management of such resources involves (i) ensuring that 
conflicting assignments are not made, (ii) overly generous assignments 
are not made (i.e. more than the amount requested is not assigned), 
(iii) the resources are not kept idle unnecessarily, and (iv) that the 
system is free of any hang-ups on account of mismanagement of the
resources.

In sequential computer systems, some of these requirements are
naturally met, so much so that in many instances resource management 
is considered synonymous with resource allocation even though 
resource management involves more than just resource allocation. In 
parallel computer systems in which resources are assigned to the 
user concurrently, these requirements are not met automatically and 
the role of parts other than the allocator becomes important. A 
resource management system has three parts: an allocator, a selector 
and a connector. 






The function of the allocator is to make decisions regarding 
the quantity of resources of various types to be allocated to the 
users. Such decisions are made either when a request for the use 
of some resources is received or when some resources are released 
by some users. An allocator does not distinguish between the 
individual members of a pool of resources of one type: the 
allocator allocates resources without indicating which particu- 
lar resource units are to be assigned. This task is that of the 
selector . The selector, after assigning particular resources to the 
user, instructs the connector to make the assigned resources physi- 
cally available to the user. 

This chapter indicates the nature of the coordinations involved 
in concurrent management of shared resources. The coordination nets 
for the parts of the resource management systems can be considered 
to be software specifications of the systems and the corresponding 
coordination structures can be considered as their hardware imple- 
mentations. If the speed of the resource management system is not 
critical and the coordination nets representing the system can be 
programmed in a language implemented on the computer then it is 
not necessary to consider the hardware implementation of the 
resource management system. Resource management systems implemented 
in the hardware are called arbiters [14]. The overall structure of an
arbiter for concurrent management of resources is shown in figure 6.1.

labelled 'a' indicate that the corresponding user has been granted
a unit of resource; when more than one resource is allocated,
more than one input transition is associated with the user. The
output transition labelled '$c_{ij}$' indicates that the resource unit j
is assigned to user i. The input transition labelled '$d_i$' indicates
that user i has done with the use of the assigned resource, and the 
output transitions labelled 'b' indicate that the assigned resources 
have been released. 

A coordination structure for implementing the coordination can be 
derived from the coordination net by the method presented in chapter 4. 

The interconnection of a selector with the other structures in 
the arbiter is shown in figure 6.1. The links incident on the selector
that come from the allocator correspond to input transitions
labelled 'a', the emergent links going to the allocator correspond
to output transitions labelled 'b', the emergent links going to the
connector correspond to output transitions labelled 'c', and the
incident links from the connector correspond to input transitions
labelled 'd'.

From the coordination net for the selector it can be seen that 
the selector does not assign a particular unit of resource to more 
than one user (as a resource unit is assumed not to be usable by 
more than one user at a time) . Moreover the selector does not assign 
more than the requested amount of resource. Thus the selector meets 
the requirements of proper resource management. 

6.4 The Allocator

The task of the allocator is to allocate various amounts of 
resources to the users. In so doing the allocator must not allocate 
more than the available resources, and must not make allocations which 
lead to hang-ups. These requirements are part of the requirements of 
proper resource management. 

An allocator is the part of the arbiter in which the allocation 
strategy of the resource management system is implemented. As 
allocation strategies vary widely depending on the nature of the users 
and the resources, instead of presenting a specific allocator, differ- 
ent aspects of coordination in allocators are discussed below with the 
aid of examples. 

Consider a situation where there are two identical resource units 
and three users named 1, 2 and 3. User 1 and user 2 each need one 
unit of resource but user 3 needs two units of resource. Furthermore 
user 3 does not care for the resource unless he can get both the units 
at the same time. The users use the resources for a finite time and 
return them to the pool thereafter. The users are permitted to repeat 
their request as many times as they wish. 

A coordination net defining an allocator for the above situation 
is shown in figure 6.4 . The constraint set in the coordination net 
ensures that events which would cause over-allocation are prevented 
from occurring. 

6.5 Fairness in Allocation

It may be recognized that the allocation strategy embodied in 
the above coordination net is unfair to user 3, for if users 1 and 2 
cycle indefinitely, user 3 may not get any service. This defect of 
the allocator above can be remedied by adding some additional con- 
straints as shown in figure 6.5 . In this coordination net the 
transitions ^ and t ? ensure fair treatment to all users. 

6.6 Deadly Embrace and Safety 

In addition to ensuring fairness, an allocator must not perform 
any allocation that leads to a hang-up. Figure 6.6 shows an allocator
which permits hang-ups. This allocator handles four units of
resource, and in this case the users, instead of requiring the
resources at one time, require the resources in steps. The resources
allocated at a step are not returned until end of the last step. For
example, user 1 requires one unit of resource in the first step and
two more units of resources in the second step, and the units allocated
in either step one or step two are not returned until the job
ends. Similarly user 3 requires two units of resources at first and 
two additional units of resources later before completing the job. 
In this case consider a situation in which user 1 is in step 
one, user 2 is idle and user 3 requests resources for its first step. 
At this moment there being three free resource-units, the allocator 
may allocate two units of resource to user 3 to initiate the first 
step. This allocation though feasible is unwise, for it results in a
situation where neither user 1 nor user 3 can complete his job on
account of a lack of adequate resources and neither user can return the
allocated resources to let the other user complete his job. Hang-ups
of this kind are referred to as deadly embraces. For proper operation
an allocator should be free of any deadly embraces. 

An allocation is said to be a safe allocation if there exist
some subsequent allocations which permit all users to complete their
jobs. Strategies for safe allocations are studied by Haberman [17],
Shoshani, Coffman [18] and Hebalkar [19]. Haberman assumes a simple
model where the users do not return allocated resources until the
job is completely done (as in the above example), and assumes that
the capabilities of the resources do not overlap. Shoshani and
Coffman extend Haberman's model to allow the users to return some
of the allocated resources at various points in the completion of
the job. Hebalkar in his forthcoming thesis deals with multiple types
of resources whose capabilities may overlap. The author would like
to acknowledge Hebalkar's work as the source of the following
treatment of safe allocations.

6.7 Coordination for Safety 

The conditions (i.e. the stone distributions) in the coordina- 
tion net representing an allocator represent the states of the allo- 
cator. Each of these states implies some allocation of resources. A 
table of these states with the state transitions (in the sense of 
switching circuit theory) indicates how the allocation state could
change. Since concurrent activities are involved, the often made 
assumption of a single variable changing at a time does not hold, and 
therefore the table includes transitions corresponding to multiple 
changes. A variable is associated with each user and its values 
correspond to the steps in the activity of the user with regard to 
his resource requirements. 

What is required of the allocator is that it should not enter 
into certain undesirable states. The undesirable states are of two 
types: i) those which correspond to allocations which are not feasible 
because of the limited amount of resources and ii) those which are 
feasible but are unsafe because they lead to deadly embraces. The 
infeasible states can be determined easily as the resource require- 
ment of each allocation state is known from the resource requirements 
of the users at various stages of their activity. In the case of 
the allocator of figure 6.6, states 012, 201, 102, 202, 211, 112 and 
212 are infeasible as they require more than four units of resource 
but the system has only four units of resource at its disposal. 

A state is safe if there exists an allocation path that involves 
only feasible states from that state to the idle state (i.e. 000). 
The test for safeness may involve a search through the state table 
(or the corresponding state diagram). Bounds on the lengths of such
tests are studied in the works mentioned earlier.

It is interesting to note that even though multiple variable
changes are permitted, an abridged state diagram giving only the 
transitions corresponding to single variable changes is sufficient 
to determine safeness of the states. Moreover there is no need to 
show transitions from the infeasible states. An abridged diagram 
for the allocator of figure 6.6 is shown in figure 6.7 . From this 
diagram it can be seen that states 101 and 111 are unsafe. 
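
The feasibility and safeness tests of this section can be carried out mechanically; the following is an added example, not part of the thesis, that searches the abridged (single variable change) state diagram. The requirements of users 1 and 3 and the four units are from the text; user 2's single one-unit step and the digit order (user 1, user 2, user 3) are assumptions, chosen because they reproduce the infeasible states listed above, and all function names are hypothetical.

```python
from itertools import product

TOTAL_UNITS = 4  # from the text: the allocator handles four units of resource

# Units held by each user at each step (index 0 = idle).
# Users 1 and 3 follow the text (1 then 2 more; 2 then 2 more).
# User 2 (one step, one unit) is an ASSUMPTION: figure 6.6 is not available.
HELD = {
    1: (0, 1, 3),
    2: (0, 1),
    3: (0, 2, 4),
}
USERS = sorted(HELD)
IDLE = tuple(0 for _ in USERS)


def name(state):
    """Render a state as the digit string used in the text, e.g. (1, 0, 1) -> '101'."""
    return "".join(str(step) for step in state)


def all_states():
    """Every combination of user steps, feasible or not."""
    return list(product(*(range(len(HELD[u])) for u in USERS)))


def units_needed(state):
    """Total resource units the allocation state requires."""
    return sum(HELD[u][step] for u, step in zip(USERS, state))


def is_feasible(state, total=TOTAL_UNITS):
    return units_needed(state) <= total


def successors(state):
    """Single variable changes: one user enters its next step, or ends its
    job after the last step and returns everything (wraps to step 0)."""
    for i, u in enumerate(USERS):
        nxt = (state[i] + 1) % len(HELD[u])
        yield state[:i] + (nxt,) + state[i + 1:]


def classify(total=TOTAL_UNITS):
    """Return (infeasible, unsafe, safe) sets of states.

    A state is safe if a path through feasible states leads from it to the
    idle state; this is computed as a backward fixed point from the idle state.
    """
    states = set(all_states())
    feasible = {s for s in states if is_feasible(s, total)}
    safe = {IDLE}
    changed = True
    while changed:
        changed = False
        for s in feasible - safe:
            if any(n in safe for n in successors(s)):
                safe.add(s)
                changed = True
    return states - feasible, feasible - safe, safe


def grant_allowed(state, user, total=TOTAL_UNITS):
    """Allocator decision: let `user` enter its next step only if the
    resulting state is feasible and safe."""
    i = USERS.index(user)
    target = state[:i] + ((state[i] + 1) % len(HELD[user]),) + state[i + 1:]
    _, _, safe = classify(total)
    return target in safe


if __name__ == "__main__":
    infeasible, unsafe, safe = classify()
    print("infeasible:", sorted(name(s) for s in infeasible))
    print("unsafe:    ", sorted(name(s) for s in unsafe))
    # The situation of section 6.6: user 1 in step one, user 3 requests step one.
    print("grant user 3 from 100:", grant_allowed((1, 0, 0), 3))
```

The request of user 3 in state 100 is refused although three units are free, because the resulting state 101 can only move to 111 and back.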

By ruling out infeasible and unsafe states as attainable states 
the behavior of the allocator is restricted to that of a strongly 
connected finite state machine whose states are the feasible states 
that are safe. The application of the scheme for the coordination 
of events to allocators can now be seen. Coordination of events 
provides a means for enforcing such a restriction on allocators. In 
the abstract world such restrictions are obtained through the coordi- 
nation nets and in the physical world the restrictions are enforced 
through the coordination structures. 

It may be recalled that states in the state diagrams for the 
allocator correspond to conditions in the coordination net for the 
allocator. The undesirable states can be ruled out by ruling out 
the corresponding conditions i.e. by including the conditions in the 
constraint set of the net. In the case of the allocator considered 
above, the constraint set Ct = {{ r ii> r oi} > £ r i2' r 31^ ' ^ r ll' r 32^ 
{ r ■. , r „}} enforces the necessary restrictions. 

6.8 Multiple Types of Resources

The resources which are managed by the resource management system 
need not be of the same type. When more than one type of resource is 
involved, there are two cases to be considered, viz i) the functional 
capabilities of the resources of different types do not overlap and 
ii) the functional capabilities of the resources of different type 
do overlap, so that in some instances resources of one type can be used 
in place of resources of another type. In the first case the types of 
coordination nets used for systems with resources of a single type are 
adequate; the only change required is that the resource requirements of 
the different steps now involve more than one type of resource, and the 
infeasible states of the allocator are the states whose requirements 
for any type of resource exceed the available resources of that type.
From the knowledge of the infeasible states, the unsafe states can be 
found in the same way as in the case of resources of a single type. 

The second case involves choices in the allocations. These 
choices are used by the allocator to improve the utilization of resources 
and services to users. Choices can be represented in the coordination 
nets by means of conflicts as in the case of the allocator described
below.

Consider a situation in which there are two types of resource; 
one unit of resource type A and two units of resource of type B. 
The system has three users; user 1 needs one unit of resource of type A,
user 2 needs one unit of type B and user 3 needs either two units of 
type B or one unit of type A together with one unit of type B. 

To use the resources fully, the allocator chooses between the 
alternatives of allocating either two units of type B or one unit of 
type A and one of type B to user 3 depending on the available free 
resources. A coordination net for the above allocator is shown in 
figure 6.8 . In the net, transitions a^ and a'^ which conflict with 
each other over place q represent the above mentioned alternatives. 
When place q gets a stone, the allocator makes the choice of alloca- 
tion by choosing one of these two transitions. The choice is based on 
which of the resource requirements is met first; when the requirements 
for both alternatives are met at the same time (i.e. when one unit of 
type A and two units of type B are free to be allocated) , the choice is 
made arbitrarily. 

The treatment of safeness in this case is not much different from 
the earlier cases. The states of the allocator correspond to the condi- 
tion in the net. States which include alternative conditions are ruled 
out as they cannot arise. The infeasible states can be found from the 
resource requirements of the states, and once the infeasible states are 
known, the unsafe states can be found just as in the previous cases. 



CHAPTER 7 



CONCLUSIONS 



7.1 Introduction 

The subject of this thesis is intimately connected with the 
following topics: i) languages and schemata for the representation of 
systems and the interaction of one system with another, ii) systematic 
design and implementation of modular hardware structures, and iii) 
theories relating to information in computing systems and behavior of 
systems. A discussion of these topics will bring out the areas of 
future research interest. 

7.2 Languages and Representation of Systems 

Conventional programming languages represent a special class of 
the nets of the kind discussed in this thesis. This class of nets 
have only one stone at any given time; the stone corresponds to the 
locus of control in the program. The locus of control wanders around 
in the program as the program is executed. A single locus of control 
is not adequate for representing systems, for systems frequently have 
several loci of control - even in the simplest case there is one locus 
of control for each independently operating unit in the system. Clear 
evidence of this fact is the provision of an I/O interrupt facility in 
computers. Multiple locus of control implies concurrency. Languages 
for specifying systems must therefore be equipped to represent concurrency.

The concept of concurrency in systems goes far beyond using
parallel actions to attain greater speed. Concurrency is a manifestation
of independence. In the extreme case there is complete independence:
then the activities of the systems are completely uncoordinated.
The more interesting case is, however, one in which activities are both 
in part independent and in part dependent. This dependence of otherwise 
independent activities is what is called interaction. Interaction is 
quite fundamental to systems as the only way a system affects the ex- 
ternal world, man and other systems, is through interaction, and inter- 
action implies concurrency (i.e. the presence of more than a single locus 
of control). The fundamental nature of concurrency is more real than 
arguments of speed and efficiency suggest; it is intimately connected 
with the semantics and understanding of systems. 

Contemporary programming languages have developed from attempts to 
characterize functions and have ignored concurrency. Consequently they 
are not adequate for characterizing interaction of one system with 
others. It is no wonder, then, that these programming languages have 
not made substantial headway in being languages for system specification, 
for there is more to a system than functional transformation; in particu- 
lar, there is the interaction of the system with the external world. For 
the same reasons these languages have failed to be languages for 
hardware specification. Hardware consists of an interconnection of func- 
tional units and the functional nature of the units is simple but the 
interaction among them is not. 

7.3 Is Functionality an Appropriate Characterization of Systems?

A determinate system is one whose input-output relation is a many 
to one mapping, that is, the relation is a function. Still another way 
of stating this is that a determinate system gives the same output for 
repeated execution of a given program for given data, and therefore a 
determinate computation is also referred to as a reproducible computa- 
tion. There is no doubt that reproducibility of computations is impor- 
tant. For it is very difficult for a system programmer to debug a 
faulty system whose activity is not reproducible. While there is no 
question that determinate systems are important, to say that only de- 
terminate systems are useful systems and that the systems which are not 
determinate are useless is a mistake. Consider an information retrieval 
system which has names of students from all schools. The system is a 
question/answer system. A news reporter is interested in talking to a 
student from M.I.T., and makes the following request of the system,
"Give me the name of a student from M.I.T.". It happens that the system
is implemented using a drum that continuously rotates and on which the 
names of the students together with the school they belong to are 
written. Upon receiving the request from the reporter, the system picks 
the first name of a student from M.I.T. that comes under the reading 
head and gives it to the reporter. It is clear that the system is not 
determinate (i.e. reproducible) as there is more than one student at 
M.I.T., and the reporter may get the name of some other student should 
he make the same request once again. But the system has answered his
request to his complete satisfaction and he should have no complaints 
about it. One could say that even though the input-output relation of 
this system is not a functional relationship, its behavior can be still 
described by a function whose one parameter is the position of the drum 
at the time the request is made. Implicit in this, however, is the 
assumption that one can have complete information about the state of
the universe. 

Attempts by people to push the concept of a function to such limits 
show the immense faith they have in the notion that functions are a 
formal counterpart to the notion of algorithm, and they consider systems 
to be nothing more than manifestations of algorithms. Church made this 
thesis in the early days of investigations into these problems and 
ever since everyone has regarded it as true. It should be remembered 
that Church's thesis is only a claim; the claim cannot be proved, it 
must be accepted or rejected on the basis of experience [20]. Functions
are not adequate for representing systems, they are at best adequate for 
representing systems without interaction. Interaction involves concur- 
rency, and functions are not an adequate characterization of concurrent 
systems. Therefore the study of characterizations for concurrent systems 
is important. 

There is still another important aspect to this, viz that of deal- 
ing with systems with only partial information about them, as in the 
case of the information retrieval system considered earlier in which 
the state of the system was only partly known. A theory that handles 
systems with only partial information about them must be developed for
a better understanding of the nature of systems. 

7.4 Hardware Systems 

Next consider the design of hardware systems. Even though theories 
for systematic implementation of hardware such as conventional switching 
circuit theory, have been studied at great length, when it comes to 
actual design of hardware, the theories are cast aside and the design 
is worked out on the basis of the empirical art of designing hardware
systems, indicating that the theories do not meet the needs of the de- 
signer. There is no doubt that these theories have contributed a great 
deal to the understanding of the nature and the limitations of the struc- 
tures they describe, but treatment of structures in these theories runs 
into combinatorial complexity of a magnitude quite unsuited to the
designers who have their human limitations. There is a need for a
systematic theory of hardware design procedure which avoids such complexity
and provides a method better matched to human ability. It is from these 
considerations that the modular and hierarchical approach to the design 
of machines is important. It was pointed out earlier that interaction 
among hardware units plays a significant role and that understanding of 
hardware systems requires understanding of the interaction. To enhance 
understanding of hardware systems the interaction among units must be 
made transparent. Hardware should be suitably structured as to expli- 
cate and simplify the interaction, especially if a formal and systema- 
tic treatment of hardware of practical importance is to be worked out. 
Moreover, advances in hardware technology also call for simplification
of interaction and modularity of hardware as the difficulty is no long- 
er so much in putting devices onto a semiconductor chip as in inter- 
connecting one chip with other chips. 

One problem that has beset the hardware designer is that a system 
which is correctly put together on paper does not necessarily work 
correctly when the components are put together in real life. Thus a 
newly designed hardware system must undergo debugging to detect flaws 
which cannot be detected from the paper design. The modular asynchron- 
ous approach to design of coordination structures presented in this 
thesis is a step towards a design procedure for hardware in which the 
hardware runs correctly in the real world if it is designed correctly 
on paper. 

Hardware systems hardly ever have a single locus of control. Be- 
cause each component in hardware acts independently subject to its 
interaction with other components, hardware systems are naturally con- 
current, and in fact concurrency is often exploited in hardware to 
great advantage. Since hardware systems are concurrent, the languages 
for specifying hardware should be able to represent concurrency natural- 
ly if hardware specification in them is to be natural. This insight 
into the requirement of languages for hardware design should be use- 
ful in guiding advances in this direction. Coordination nets and 
modular asynchronous coordination structures represent a step in this 
direction. 

Another important requirement of hardware design is that one should
be able to construct a larger system by interconnecting smaller systems. 
Therefore it is of particular interest to know what behavior will emerge 
when a number of systems are interconnected. In general, behavior of 
both determinate and non-determinate systems is important. Many a time,
however, one wishes to construct a larger determinate (functional) sys- 
tem by interconnecting a number of smaller determinate systems. The 
ideal case would be that in which any interconnection of a number of 
determinate systems resulted in a determinate system. However, this is 
not true in general, i.e., an interconnection of a number of determinate 
systems need not result in a determinate system. Some recent work of 
the author [21] states constraints on interconnecting links that are 
both necessary and sufficient for the interconnection of a number of 
determinate systems to be determinate. This is a step towards under- 
standing the influence of interaction on the behavior of a system of 
interconnected systems. 

7.5 Related Theories 

In order to be able to treat interaction of systems in greater 
depth, a theory for system behavior is needed. This theory should be 
to computer systems what Linear System Theory is to feedback systems. 
In particular the theory should provide effective means for deriving 
the behavior of a system of interconnected systems from the behavior 
of individual systems. Since not all useful systems are determinate 
systems, the theory must concern itself with non-determinate systems as
well. Moreover, as behavior of computer systems (an important class of 
systems that would be handled by the theory) involves flow of informa- 
tion into and out of the systems, the theory would be intimately con- 
nected with a theory of information that deals with logic and the flow 
of information. A theory of information, a theory of system behavior 
and schemata for representation of systems are all related, and an 
advance in any of these is an advance in the others. In this respect 
the work of Holt and his associates [8,22] is significant.

The work on concurrent systems should find application in modelling 
computer systems and also in other areas. For example better models 
for business systems could be constructed using these ideas as business 
systems are inherently concurrent systems involving interactions among 
several otherwise independent activities. Similarly biological systems 
like nervous systems could be better modelled as they too are concurrent 
systems. At a later stage, it should be possible to analyse such sys- 
tems and suggest the amount and the kind of coordination necessary to 
ensure their proper functioning. The coordination nets presented in 
this thesis are not probabilistic in nature, but they can be easily
extended to probabilistic models by associating probabilities with
transitions just as a Markov model is obtained by associating probability
measures with transitions in finite state machines. 



APPENDIX I 

Hardware Implementation of Modules 

This thesis does not deal with hardware implementation of the 
modules, but a discussion of this topic is desirable. There are two 
approaches to design of modules: i) synchronous design, and ii) asyn- 
chronous design. In the first type of design, even though a module 
interacts with other modules in an asynchronous manner, it is synchro- 
nous inside. In this case, the module samples its inputs at regular 
intervals and, depending on the outcome of sampling, produces outputs 
using a combinational circuit. This type of implementation is used 
in the design of some parts of present day computers, but modules so 
designed are slow and lack elegance. In the second type of design, a 
module is designed as an asynchronous circuit. The conventional switch- 
ing circuit theory is not of much use in the design of such asynchronous 
circuits, but the author believes that an elegant method for designing 
such modules in terms of elementary circuits, called micro-modules, can 
be worked out. This approach to the design of modules is introduced 
below. 

Links and Wires 

The basic links (see section 4.4) can be constructed from wires 
as shown in figure 8.1 . Ready wires are used to send ready signals 
only, and acknowledge wires to send acknowledge signals only. A change 
in the level of a wire, as opposed to the level itself, represents a
signal. A signal on a ready wire is called a ready signal and a 
signal on an acknowledge wire an acknowledge signal; ready and ack- 
nowledge signals are of the same kind - the role a signal plays in 
communication over a link determines whether it is a ready signal or 
an acknowledge signal. 

Micro-modules 

Micro-modules are elementary logic circuits for constructing 
bigger modules. In this discussion four micro-modules are introduced 
(figures 8.2 and 8.3 ). The operation of these micro-modules is 
explained below. 

A NOT gate is called a source micro-module because following 
initialization of the circuit (a momentary forced grounding of all wires), 
the output wire of the NOT gate goes from 0 to 1, and thus sends
a signal. 

An Exclusive-OR gate is called a disjunct micro-module as it 
transmits a signal on the output wire for each signal received on 
either of the input wires (in use of this micro-module it is necessary 
to ensure that both input wires do not receive signals coincidentally). 

The circuit shown in figure 8.2c is called a conjunct micro-module. 
Signals are sent to this micro-module in pairs - a signal on wire s 
and on wire t (in either order or coincidentally) or on s and b 
(s, t and b stand for signal, transmit and block). In case of the first 
pair, a signal is sent on the output wire when both signals are received, 
and in case of the second pair the micro-module just absorbs the signals. 

Figure 8.3 shows the schematic of the arbiter micro-module. This
micro-module is an elementary two input arbiter. The micro-module can
be viewed as a gate in the path of the wires a-a' and b-b'. Signals
may be sent to the micro-module on both input wires a and b
coincidentally. The micro-module permits one signal from input a
or from b (but not both) to pass through it for each signal received 
on the third input wire s . Which one of the two signals is permitted 
to pass through the module is determined by the module on a first come 
first serve basis except when the signals are coincident, in which case 
the choice is arbitrary. Even though arbiters have been designed and 
are used in present day computers, they are slow and inefficient. Im- 
proved design of arbiters is currently in progress [23]. 

Construction of Asynchronous Modules from Micro-modules 

Examples showing the use of micro-modules in construction of 
asynchronous modules are presented in figures 8.4 and 8.5 . 

Figure 8.4a shows a P-net for the junction module obtained from 
the P-net of figure 4.25 by removing certain redundancies taking into 
account the relationship among signals on the links. A micro-modular 
circuit for the junction modules obtained from the P-net for the module 
is shown in figures 8.4b and 8.4c . 

Figure 8.5a shows a P-net for the IP-module obtained from the 
P-net specification of the module (figure 4.13). The micro-modular 
circuit for the IP-module obtained from the P-net for the module is 
shown in figure 4.5b . 